Errors#

HTTP Errors#

The Inbox API should always acknowledge your notifications with a 201 Created HTTP status code but if something went wrong it might return 4XX status codes and a JSON body containing one or multiple error messages to help you fix the error.

400 Bad Request#

Your payload is either malformed (i.e. we’re unable to read the payload) or invalid:

  • duplicate Notification id: identifiers MUST be unique

  • invalid UUID URN: id MUST be valid UUID URN (urn:uuid:xxx)

  • the origin inbox url of your account MUST match the one in the payload['origin']['inbox'] key of your notifications

  • the notification payload MUST follow all the requirements described in the Protocol reference

401 Unauthorized#

Usage of our Inbox API is limited to partners with a valid user account. All API calls MUST be authenticated with the proper HTTP header. If your authentication token is invalid or missing you will get a 401 Unauthorized HTTP status code.

Please note that your authentication token depends on the environment (staging or production) you’re targeting.

Notifications#

These notifications indicates a failure in properly handling your notification, they are sent to your inbox with a InReplyTo key referencing your notification id.

UnprocessableNotification#

This notification has booth a Flag type and a coar-notify:UnprocessableNotification one.

Software Heritage inbox url (either the staging or the production one) MUST match the payload['target']['inbox'] value in the notification.

Reject#

This notification has a Reject type.

  • context['id'] MUST match object['as:object']

  • context['type'] MUST contain sorg:SoftwareSourceCode