Response Codes

HTTP response codes from the Mimecast API are strictly indicative of the HTTP call status and not the result of the function itself. A 404 means that the request URL does not exist. A 200 means that the HTTP call was successfully retrieved and processed. That is, the function was found and executed correctly, however, this does not mean that the requested action was successful. Function-level success or failure is indicated in the response body content.

The table below describes the HTTP response codes you can expect from the Mimecast API.

Response Codes

Code Message Description
200 Success

The request was processed and executed. This does not mean that the requested action was successful. Function-level success or failure is indicated in the response body content.

400 Bad Request The request cannot be processed because it is either malformed or not correct.
401 Unauthorized Authorization information is either missing, incomplete or incorrect.
403 Forbidden Access is denied to the requested resource. The user may not have enough permission to perform the action.
404 Not Found The requested resource does not exist.
409 Conflict The current status of the relying data does not match what is defined in the request.
418 Binding Expired The TTL of the access key and secret key issued on successful login has lapsed and the binding should be refreshed as described in the Authentication guide.
429 Quota Exceeded The number of requests sent to the given resource has exceeded the rate limiting policy applied to the resource for a given time period. Rate limiting is applied differently per resource and is subject to change.
500 Internal Server Error The request was not processed successfully or an issue has occurred in the Mimecast platform.

Sub Codes

Code Description
400 0001 Credentials are missing from the request.
401 0001

Authentication type not supported for the user. For example the Authorization header defines that a Cloud password should be used, but the user's effective Authentication Profile does not permit this type of authentication.

401 0001 Either the user or password was not found in the Authorization header.
401 0003 Invalid credentials supplied.
401 0004 The signature provided in the Authorization header is not valid. See the Authorization guide for details on building a signature.
401 0005 MC realm not find in the Authorization header.
401 0008 Access key cannot be refreshed, you will need to login and get a new access key in this scenario.
401 0010 The user account is locked. By default accounts are locked for 15 minutes. User accounts can be unlocked by an Administrator.
401 0011 The user account is disabled.
401 0012 The access key and secret key issued on successful login has been revoked by an administrator or privilege change event.
401 0013 The access key and secret key issued on successful login is not found in the Mimecast platform.
403 0002 The user is forbidden to perform the requested operation.
403 0003 The user is forbidden to perform the requested operation.
403 0007 The user is forbidden to load the message requested.
403 0009 The user's password has expired.
403 0011 The requested message has been expired for the user.
403 0012 The user has hit the limit of the number of access / secret keys allowed. (max. 2000)
403 0016 The request is from a forbidden IP address.
404 0003 The domain of the user is not managed by Mimecast.
418 0001 The TTL of the access key and secret key issued on successful login has lapsed and the binding should be refreshed.
429 0008 The number of requests sent to the given resource has exceeded the rate limiting policy applied to the resource for a given time period.
500 0006 An internal server error, typically caused by a networking issue to an external resource that the function depends on.
Back to Top