Skip to main content

REST API error codes

The Piiano Vault REST API has error codes for every error condition. These codes are returned as part of the error message from the REST API and are written to the logs.

Vault error codes

This table contains all the error codes returned by the Vault REST API. Let us know if you require further details or clarifications for an error code.

CodeDetails
PV1000Server error. Vault logs may indicate the source of the issue. Contact Piiano if the problem persists. With the default configuration, these errors are sent to Piiano for investigation.
PV1001Access reason must be provided as a query parameter unless the environment variable PVAULT_SERVICE_FORCE_ACCESS_REASON is set to false.
PV1002The access reason is invalid. Follow these guidelines on how to set the access reason.
PV1004The collection doesn't exist or the caller has insufficient permissions to view the collection.
PV1005/PV1006/PV1007To debug authorization failures use pvault iam resource-view and pvault iam user-view. To identify if your token has expired, run pvault iam get-user.
PV1008The collection name is invalid. Follow the naming conventions for entities.
PV1009The operation timed out. There is a built-in timeout of 30 seconds for every API call. For object operations, check for missing indices in your pvschema. For token operations, check whether you are trying to retrieve too many tokens in one operation.
PV1010Vault can't connect to its database. Inspect your database configuration. Unless you are running stateless mode, Vault can not function without a reliable database connection.
PV1011You can enable and disable users as part of the IAM configuration. Once disabled you can not initial calls for this user.
PV1012The request could be invalid if it does not comply with the OpenAPI specification. The error context should contain details of the offending field.
PV1013Your license has expired. If you are a paying customer, contact Piiano. Anyone can get a free 7-day trial license from the get started section of the Piiano documentation.
PV1014More than one caller attempted to access the same resource as updaters, resulting in a potential conflict. For example, trying to update the same object twice from two callers in parallel.
PV1015Due to caching of the collection schema, subsequent deletion of a collection and access to it from different threads may return this error.
PV1025Supported content-types are: application/json and in specific calls that support it: application/toml and application/pvschema.
PV1026Stateless mode only supports some operations. Did you intend on running stateless mode? Check the stateless mode guide for more information.
PV1027Javascript is enabled by default. Check if you disabled it using the environment variable PVAULT_FEATURES_DISABLE_JAVASCRIPT.
PV1028You can not dynamically modify the IAM when it is configured to load at startup with the environment variable PVAULT_SERVICE_SET_IAM_ON_START_ONLY.
PV1029This error can occur in an AWS environment where the authentication session to the KMS has expired. Check the Vault's AWS role and IAM permissions to access the KMS.
PV1030The request contains an invalid UTF-8 sequence.
PV1031The size of a property being indexed exceeds the maximum allowed size for an index entry in PostgreSQL. Either remove an INDEX from your schema or contact us to work around this issue
PV1032Conflict with another concurrent operation to the same resource. This can happen if you try to update the same piece of data from two different threads in parallel.
PV1034A collection being accessed is unavailable. It could occur when using multiple Vault instances, deleting a collection from one instance, and trying to access it from another instance in parallel (or before the cache is synced - up to 30 seconds).
PV1035A user is only allowed to have one role. You can attach several capabilities and several policies to one role.
PV1036The tenant isolation enforcement rule evaluation failed, and therefore the request was rejected.
PV1037The action is not found. The only supported action is http_call.
PV1038A request sent from a browser was rejected due to your CORS policy. You need to configure the PVAULT_SERVICE_ALLOW_ORIGINS to allow the origins creating these browser requests.
PV2001This operation is not implemented. For example, when calling with the wrong HTTP method, e.g., calling the version endpoint with the method PATCH instead of GET.
PV2002Anti-tampering has been triggered. It could happen if you manually modified your database (which you should not) or restored the database from a snapshot that is incompatible with the Vault's version. See the anti tampering guide for more details.
CodeDetails
PV2004The property does not exist in the collection.
PV2005The property name is invalid. For more information: Add collection property.
PV2009The property name is not unique. There is already a property with the same name in the collection.
PV2010The property's schema is invalid. it should comply with PVSchema format
PV2012The property's data type is invalid. Property type is one of builtin data types or custom data types
PV2013One or more fields is too long. For more information: Add collection property.
PV2014One or more numeric fields is out of range
PV2015The Admin user cannot be redefined. Admin user is predefined by Vault.
PV2016There is no role assigned to the user.
PV2017User name was not found. Use Get IAM to list users.
PV2020The IAM configuration is invalid. For more information How IAM works.
PV2021Regenerating a key for Admin is not allowed.
PV2022Configuration name is not supported. For more information: Set configuration variable.
PV2023The URL property name: url_property_name and body property name: body_property_name don't match.
PV2024The specified collection does not exist. Use List collections to check for existing collections.
PV2026The collection name is invalid. For more information Add collection.
PV2027Incorrect value type for configuration variable name. For more information: Set configuration variable.
PV2028The collection is invalid. For more information: PVSchema format.
PV2029The collection already exists.
PV2030Failed to read one or more collections.
PV2031The specified collection type does not exist. For more information Add collection.
PV2032A built-in property cannot be deleted.
PV2033A built-in property cannot be added.
PV2034A built-in property was provided with incorrect fields.
PV2035Update collection name is not supported. For more information Update collection.
PV2036Update collection type is not allowed. For more information Update collection.
PV2037The collection's schema is invalid. For more information: PVSchema format.
PV2038A non nullable property can't be added while the collection is not empty.
PV2039The new bundle functions are not a superset of the current bundle functions. For more information Update bundle.
PV2100Unsupported change to an existing property. For more information Update collection property.
PV2101A built-in data type cannot be updated.
PV2102A custom data type that is in use cannot be deleted.
PV2104A JavaScript method failed to compile. For more information: Bundles.
PV2105The bundle name is already in use.
PV2106Failed to delete the bundle.
PV2107Failed to find the bundle. Use List bundles to list existing bundles.
PV2108The bundle name is invalid. For more information: Bundles.
PV2109The bundle has no compliant function exports. For more information: Bundles.
PV2110The bundle does not compile. For more information: Bundles.
PV2111The bundle has no exports. For more information: Bundles.
PV2112The bundle function is missing or does not compile. For more information: Bundles.
PV2113Prototype is missing. For more information: Bundles.
PV2114Handler is missing on prototype. For more information: Bundles.
PV2115Handler is not a function. For more information: Bundles.
PV2116Function has the incorrect number of arguments. For more information: Bundles.
PV2117The data type name is invalid. For more information: Add data type.
PV2118The data type name is already in use.
PV2119Failed to delete the data type. Use List data types to list existing data types.
PV2120Failed to find the data type. Use List data types to list existing data types.
PV2121The bundle was not found. Use List bundles to list existing bundles.
PV2122The function is not exported by the bundle. Should be expored by the bundle.
PV2123The base type of a data type must be a built-in type
PV2124The bundle is in use by one or more data types and cannot be deleted
PV2125The bundle is in use by one or more collection and cannot be deleted
PV2126The default transformer is not in the transformers list.
PV2127The license is invalid. Please contact support.
PV2128The license is missing. License should be set via env var or Set license.
PV2129The function name is invalid. For more information: Bundles.
PV2130A built-in type cannot be deleted.
PV2132The update of a data type cannot add built-in transformers.
PV2133The sum of the collection and one of its property names is too large. The length of the combination of both should not exceed 41.
PV2134A collection-name_property-name combination is not unique.
PV2135is_index and is_unique are not supported for this data type because its max length exceeds 2048.
PV2136The property type is invalid. Property type is one of builtin data types or custom data types
PV2137The admin API key is too short. For more details Set Admin API key.
PV2138The admin API key is invalid.
CodeDetails
PV3002One or more values is in a bad format
PV3003One or more values is invalid
PV3004Property does not exist
PV3005One or more Objects IDs are not found
PV3006One or more required unique fields is not unique
PV3009One or more token IDs not found
PV3010The token is invalid
PV3012One or more token generation parameters is invalid
PV3013One or more required fields is missing or null
PV3014One or more string values exceeded max length
PV3015One or more numeric values is out of range
PV3016Original property doesn't exist
PV3020Failed to parse object ID
PV3021Specify Props or Unsafe but not both
PV3022Specify one of Props or Unsafe
PV3023The specified collection does not exist
PV3024The collection name is invalid
PV3025The property name is invalid
PV3026Cannot set an owner for a PERSON object
PV3027Owner ID is invalid
PV3028Shouldn't provide _tenant_id when owner is specified
PV3029Must specify owner ID and owner collection or specify neither
PV3030Owner collection is not found
PV3031Owner ID is not found
PV3032Owner collection is not valid
PV3033DATA object owner can be PERSON object only
PV3034Non nullable property must not be null
PV3035The number of object IDs is greater than the maximum page size
PV3036ID must exist in update objects field
PV3037Invalid ID
PV3038The number of objects is greater than the maximum page size
PV3079Cannot add readonly properties
PV3081The query should not be empty
PV3084Property with transformation is not supported for query
PV3085Cannot update this property
PV3086The token is irreversible
PV3088Format preserve template does not exist
PV3089Format preserve template requires a different number of properties
PV3090Format preserve template requires property of a different type
PV3091Missing token query params. Use tags, token ID, or object ID
PV3092Missing token ID params
PV3093One or more token rotation parameters is invalid
PV3100A transformer is not found for the property
PV3101Multiple properties per transformer is not implemented
PV3203Too many tags provided
PV3204At least one update params required
PV3205Query param option show_builtins is only available if unsafe option is requested.
PV3206Query param page_size exceeds the maximum value allowed. See api-pagination for more details.
PV3207Query param option page_size is only available when IDs are not provided.
PV3208Cannot create an object with an expiration duration of 0 seconds.
PV3210Failed to parse the cursor. This error most likely to occur of the cursor used in the request is not the exact value returned by Vault in an earlier response. Check that the value provided in the cursor parameter matches Vault's previous response.
PV3211The number of items requested exceeds the maximum value allowed
PV3213Archived object's properties cannot be modified. You can only set its expiration to a new value.
PV3214Archived tokens cannot be updated. You can only set its expiration to a new value.
PV3215Archived tokens cannot be detokenized. Restore the token first to be able to detokenize it. See Object lifecycle for more details.
PV3216Cannot tokenize an object with an expiration duration of 0 seconds.
PV3217Custom validation failed. This means that the JS validator configured for your Data Type has returned a negative value.
PV3219A runtime error occurred in a JavaScript method.
PV3221Tokenize Blob data type is allowed only as type pointer.
PV3222Token for the property does not exist. You can only use the Token transformation for already existing tokens.
PV3223Rotating an irreversible token is not allowed. This error most likely to occur when trying to rotate a type pci_oneway token. See Token types for more details.
PV3230Pointer token is only allowed on an existing or new object. When providing the input_object parameter, make sure to either use the id field, or other fields alongside store_object turned to "true".
PV3231The requested property value was missing from the input object. Make sure that the props parameter is a subset of the input objet fields.
PV3232Cannot tokenize an object with empty fields. This error occures when passing an empty fields in the input object parameter.
PV3233The encrypted object is archived. This error most likely to occur if the encrypted object is archived, but the archived option is not set. See Decrypt for more details.
PV3234Deterministic encryption with expiration is not allowed.
PV3236Invalid ciphertext. This error most likely to occur if the ciphertext provided as an input, ether as part of an input object, or to operation like Decrypt, is invalid. Make sure to use the exact value you got from Vault as from an Encrypt operation.
PV3237The encrypted object is active. This error most likely to occur if the encrypted object is active, but the archived option is set. See Decrypt for more details.
PV3238Object ID is not allowed in stateless mode. Use other input options such as fields or ciphertext.
PV3239Value is not a valid UUID. This error most likely to occur if a non UUID external object ID is provided when adding an object. See add-object for more details.
PV3241The transaction ID is invalid. Valid values are of of length less than 256.
PV3242The transaction ID is not found.
PV3243Transaction ID already exists for the given collection and entity.
PV3244Decryption parameter is invalid. This error most likely to occur if the provided ciphertext is not as returned from Vault, or the scope provided to the operation does not match the scope provided to Encrypt Make sure to use the exact value you got from Vault as from an Encrypt operation, and the same scope.
PV3245The data type of the property is invalid. Use an existing Data type.
PV3246The data type of the property is invalid because it uses JavaScript, which is disabled. See PVAULT_FEATURES_DISABLE_JAVASCRIPT configuration for more details.
PV3247Tokenize request with store object request without input object fields.
PV3248Invalid input object request index out of range. Make sure that request_index field of the object parameter is positive and not greater then the length of the array of objects.
PV3249Invalid input object request index to itself. Make sure that request_index field of the object parameter points to a different object in the array, or use a different input such as id, fields, or ciphertext.
PV3250Invalid input object request index to other index. Make sure that request_index field of the object parameter doesn't point the another object that uses request_index.
PV3251Token tag is longer than 256. Use a shorter tag.
PV3252Property with transformation is not supported for export. The export parameter is intended to be used by the CLI command pvault export. See Data import and export for a detailed guide about import-export.
PV3253The value of an input field of data type EMAIL exceeded the maximum length.
PV3254Export key set does not exist. This error most likely to occur if trying to export but neither PVAULT_KMS_EXPORT_URI nor PVAULT_KMS_EXPORT_SEED are not configured. See Export data for more details.
PV3256Export key is invalid. This error most likely to occur if you use the export_key or import parameters manually. Those parameters are intended to be used by the CLI command pvault import. See Data import and export for a detailed guide about import-export.
PV3257Query param export_key is only available if query param import is true. This error most likely to occur if you use the export_key or import parameters manually. Those parameters are intended to be used by the CLI command pvault import. See Data import and export for a detailed guide about import-export.
PV3258Expecting values to be encrypted when export_key is provided. This error happens if you
PV3259Unique tags violation. This means that some tags were provided, and marked as ensure_unique_tenant_tags, are not unique in the Tenant level as supposed to.
PV3260Unique tags are not included in tags. Make sure that the ensure_unique_tenant_tags input is a subset of tags. See Tokenize body for more details.
PV3261Tenant can't contains commas. See Tenant isolation header for more details about the format.
PV3262Invalid action input. This error is most likely to occur for bad input format to the http_call action. See http_call request body for more details.
PV3263Action invocation failed with an error. This error is most likely to occour for a template input or response, to the http_call action.
PV3264The action role not configured in the IAM configuration. This error can occur if PVAULT_SERVICE_ACTIONS_HTTP_CALL_ROLE configuration for more details. is pointing to a non existent IAM role.
PV3265Expiration exceeded for field of datatype. This error can occur if PCI restrictions are enabled. See PCI - Property data types for more details.
PV3266Provided token ID is invalid. See tokenize API (token_id input) for the constraints of this variable.
PV3267Token ID cannot be provided if format preserving template is provided.
PV3268Restricted data type for token type in PCI.
PV3269Query with no values is not allowed.
PV3270Token update failed. See update-tokens API for the constraints that may fail this operation.

PostgreSQL specific codes

Vault can return the underlying SQLSTATE error, which can assist in investigating an error case. The format of these errors is (SQLSTATE XXXXX). You can look up 5-digit code in the PostgreSQL error list.