# Error Codes
Cornerstone uses conventional HTTP response codes to indicate the success or failure of an API request. Typically, codes in the 2xx range indicate success. Codes in the 4xx range indicate an error based on the information you provided in the request. Codes in the 5xx range indicate an error on the Cornerstone end (these should be rare).
The table below lists the HTTP error codes returned by Cornerstone APIs. For a list of additional validation errors, please refer to the specific API documentation.
| Error Code | Description |
|---|---|
| 400 Bad Request. | Usually indicates that your request is malformed. Refer to the API specifications and ensure your request is formatted correctly. For POST, PUT, and PATCH operations, use the examples provided as a starting point to construct your request. |
| 401 Unauthorized. | Indicates that either your access token is invalid, has expired, or does not have the 'scope' to perform this operation. This error can also indicate that the user associated with your OAuth 2.0 application does not have the required permissions or constraints. Click here to get a list of permissions for each API. |
| 404 Not Found. | Indicates that the API endpoint or resource isn't correct. |
| 429 CSOD Too many requests. | Indicates that you have exceeded the throttling limits for the API. |
| 500, 503, 504 Internal Server Error, Service Unavailable, Gateway Timeout. | Errors in the 5xx range indicate that something went wrong on Cornerstone's end. These should be rare. We recommend that you add retry logic in your code to handle what likely is an ephemeral issue. If you see these frequently, please log a case with Global Product Support so that we can investigate. |