Error Reference

Code-verified JSON-RPC and HTTP errors returned by the public MCP endpoints.

Showing 7 of 7 errors

-32000Authentication FailedHTTP 401

Request did not include a valid bearer API key or OAuth access token.

Common Cause

Missing Authorization header, revoked API key, expired token, or invalid signature.

How to Fix

Send `Authorization: Bearer ...` with a valid credential and retry.

-32000Rate Limit ExceededHTTP 429

Brand-level per-minute MCP limit was exceeded.

Common Cause

Too many MCP calls in the active minute window for current order-volume tier.

How to Fix

Back off and retry with exponential delay. Reduce parallel calls where possible.

-32000Origin Not AllowedHTTP 403

Origin is blocked by MCP endpoint allowlist checks.

Common Cause

Browser request sent from an origin that is not allowed by server CORS policy.

How to Fix

Run requests from an approved origin or call from server-side infrastructure.

-32601Method Not Found

JSON-RPC method is not supported.

Common Cause

Typo in method name or call to unsupported method.

How to Fix

Use supported methods like `initialize`, `tools/list`, and `tools/call`.

-32602Invalid Params / ProtocolHTTP 400

Request parameters or protocol version are invalid.

Common Cause

Unsupported `Mcp-Protocol-Version`, unknown prompt/resource, or malformed method params.

How to Fix

Validate payload and use a supported protocol version before retrying.

400Bad RequestHTTP 400

Incorrect MCP transport path or invalid request shape.

Common Cause

Using the wrong endpoint (`/api/mcp/<something>` instead of `/api/mcp/rpc`).

How to Fix

Use `POST /api/mcp/rpc` for calls and `GET /api/mcp/info` for server metadata.

500Server Configuration ErrorHTTP 500

Server is missing required MCP OAuth configuration.

Common Cause

OAuth token verification attempted without `MCP_OAUTH_SECRET` configured.

How to Fix

Configure MCP OAuth server secret in environment before using OAuth tokens.

Rate Limiting Response Shape

When a request is throttled, the server responds with HTTP 429 and JSON-RPC error data:

JSON

{
  "jsonrpc": "2.0",
  "error": {
    "code": -32000,
    "message": "Rate limit exceeded",
    "data": {
      "queriesUsed": 42,
      "ratePerMin": 60
    }
  },
  "id": null
}

Limits are based on monthly order volume. See Authentication rate limits.

Was this page helpful?

SDKs & Examples Glossary

Rate Limiting Response Shape

When a request is throttled, the server responds with HTTP 429 and JSON-RPC error data:

JSON

{
  "jsonrpc": "2.0",
  "error": {
    "code": -32000,
    "message": "Rate limit exceeded",
    "data": {
      "queriesUsed": 42,
      "ratePerMin": 60
    }
  },
  "id": null
}

Limits are based on monthly order volume. See Authentication rate limits.