Schema, contract, and parameter constraint validation failures.
Last reviewed: March 2, 2026|63 mapped errors|Page 3 of 5
Validation errors indicate request payload, query parameters, or API contract expectations were not satisfied by caller input.
Provider-specific error pages mapped to this category (63 total). Showing 31-45.
AWS PolicyNotAttachable means the policy cannot be attached because service-role policies are attachable only to their service-linked roles (HTTP 400).
Amazon S3 PreconditionFailed means a conditional request reached the object but one of its current-state guards evaluated false.
AWS RequestExpired (Request Expired) means AWS received a signed request outside the allowed SigV4 time window, after a presigned URL already expired, or with a request timestamp too far in the future. In AWS APIs, this error returns HTTP 400.
Amazon S3 RequestTimeTooSkewed means the caller clock is too far from S3 server time for the signed request to be accepted. This usually points to clock skew rather than queue delay or presigned URL reuse.
AWS ResourceInUseException means the requested DynamoDB operation cannot be performed because the target table or index is currently being created, updated, or deleted. The resource is in a transitional state that does not accept the requested change.
AWS SignatureDoesNotMatch (Signature Does Not Match) means AWS recalculated the SigV4 signature and it does not match the signature in the request. In Amazon S3, this error returns HTTP 403.
AWS TokenRefreshRequired means the temporary token in the request must be refreshed before Amazon S3 will accept the operation. In Amazon S3, this error returns HTTP 400.
AWS TransactionConflictException means a DynamoDB transactional request conflicted with another concurrent item update (HTTP 400).
IAM returns `UnmodifiableEntity` when a protected resource, typically a service-linked role, is managed only by the owning AWS service and cannot be changed directly. IAM returns HTTP 400 for this condition.
AWS ValidationException (Validation Exception) means the input fails service validation constraints. In AWS APIs, this error returns HTTP 400.
Azure AADSTS70011 is a request-shape failure indicating that the `scope` parameter in the authentication request is malformed, misspelled, or contains scopes from multiple unrelated resources in a single token request.
Microsoft Entra ID returns `AADSTS90002` when the tenant identifier in the auth request cannot be found or resolved.
Azure BadRequest means ARM or a resource provider accepted the request envelope but rejected the rendered payload, parameter values, API-version shape, or nested deployment input as invalid.
Azure Storage InvalidAuthenticationInfo means the request reached Storage, but the authentication metadata is missing, malformed, inconsistent with the signed request, or unusable for the target endpoint.
Azure InvalidRequestContent means ARM or a resource provider rejected the final request body because required fields, types, or API-version-specific properties do not match the contract.
Compare Guide
Fix API payload issues faster by using 400 for malformed syntax and 422 for semantic validation failures, so clients correct format before business rules.
Playbook
Use this playbook to separate browser-enforced cross-origin policy failures from server-side CORS header and route defects and apply strict origin and credential controls safely.
Playbook
Use this playbook to separate malformed-request failures from semantic validation failures, then fix request contracts without broad server-side bypasses.
Contract expectations can change by version. If client and server versions drift, previously accepted fields or formats can become invalid.
Capture and diff full request payloads against a known-good example, then validate each field against the live API schema and constraints.
No. 400 is a broad class. Confirm whether the failure is contract validation, authentication syntax, or malformed transport metadata.