Skip to content

Error Codes

All INK endpoints MUST return structured error responses:

{
"protocol": "ink/0.1",
"error": true,
"code": "signature_verification_failed",
"message": "Ed25519 signature did not verify against any authoritative candidate key"
}

Error Codes

The codes below cover both the transport-auth middleware (returned by verifyInkAuth in the library) and application-layer rejections that an integrator may add on top.

Transport authentication (returned by verifyInkAuth)

CodeHTTP StatusDescription
missing_authorization401No Authorization header present
invalid_auth_scheme401Header is not a valid INK-Ed25519 <sig> form
missing_sender401body.from is empty or missing
invalid_from_field401body.from is not a string, or exceeds 256 chars
missing_timestamp401body.timestamp is missing
invalid_timestamp401body.timestamp does not parse as a valid date
timestamp_expired401Timestamp older than 5 minutes
timestamp_too_far_future401Timestamp more than 30 seconds ahead
signature_verification_failed401Signature did not verify against any authoritative candidate key
invalid_signature401Signature failed verification against the bootstrap public key
unresolvable_sender_key401Could not derive or look up a public key for the sender
nonce_handling_required401Middleware was invoked without a nonceStore option (fail-closed default)
missing_nonce401body.nonce missing or outside [16,256] charset bounds when middleware-side nonce enforcement is on
nonce_replay401Nonce already recorded in the NonceStore within the freshness window
nonce_store_error401nonceStore.has or nonceStore.add threw (fail-closed)

Application-layer / extension errors

CodeHTTP StatusDescription
duplicate_nonce400Returned by the standalone checkReplay helper when a nonce is in previouslySeenNonces
encryption_required400Intent type requires encrypted payload
decryption_failed400Could not decrypt payload
unsupported_version400Protocol version not supported
rate_limited429Too many requests
handshake_budget_exhausted429Per-correlation handshake budget exceeded
sender_rate_limited429Per-sender sliding window rate limit exceeded
transport_scope_violation403Invocation transport not permitted by delegation token
sender_mismatch403Message from field does not match authenticated sender identity
access_denied403Requester is not a party to the referenced message
internal_error500Agent internal error

DID resolution and agentLink lookup are integrator-side concerns. If your implementation surfaces those failures, conventional codes are unknown_did (404) and no_agent_link (404).

Witness Service Error Codes

The witness service returns these additional error codes on its authenticated endpoints.

CodeHTTP StatusDescription
missing_authorization401No Authorization header present
invalid_auth_scheme401Authorization header is not INK-Ed25519 scheme
nonce_replay401Nonce has already been used (10-minute window)
duplicate_event_id409An event with this ID has already been recorded
invalid_agent_signature400Event agentSignature does not verify against the agent’s public key
invalid_agent_id_format400Cannot extract a public key from the agentId field
sender_mismatch401Transport auth sender does not match body.from
event_agent_mismatch400event.agentId does not match submission sender
rate_limit_exceeded429Agent has exceeded 30 submissions per minute
forbidden403Requester is not a party to the queried message