Shared access signature error codes
Beginning with version 2015-04-05, Azure Storage returns several updated error codes for shared access signatures.
| Scenario | Storage error code | Old status code | New status code | Error message | Applies to |
|---|---|---|---|---|---|
| Authorization of IP address or range failed | AuthorizationSourceIPMismatch |
N/A | 403 (Forbidden) | This request is not authorized to perform this operation using this source IP {SourceIP}. | Account SAS Service SAS |
| Authorization of HTTPS failed | AuthorizationProtocolMismatch |
N/A | 403 (Forbidden) | This request is not authorized to perform this operation using this protocol. | Account SAS Service SAS |
| Unauthorized signed permission (including create and add permissions) | AuthorizationPermissionMismatch |
404 (Not Found) | 403 (Forbidden) | This request is not authorized to perform this operation using this permission. | Account SAS Service SAS |
| Unauthorized signed service | AuthorizationServiceMismatch |
N/A | 403 (Forbidden) | This request is not authorized to perform this operation using this service. | Account SAS Service SAS |
| Unauthorized signed resource type | AuthorizationResourceTypeMismatch |
N/A | 403 (Forbidden) | This request is not authorized to perform this operation using this resource type. | Account SAS Service SAS |
| Other authorization errors (for example, attempting to modify an access control list) | AuthorizationFailure |
404 (Not Found) | 403 (Forbidden) | This request is not authorized to perform this operation. | Account SAS Service SAS |
The stored access policy for a file or blob relies on the create or add permission, and Get ACL is called by using a version prior to 2015-04-05. |
FeatureVersionMismatch |
N/A | 409 (Conflict) | Stored access policy contains a permission that is not supported by this version. | Service SAS |
There's a mismatch between the ses query parameter and the x-ms-default-encryption-scope header. The x-ms-deny-encryption-scope-override header is set to true, after version 2020-12-06. |
RequestForbiddenByContainerEncryptionPolicy |
N/A | 403 (Forbidden) | The request is forbidden by the container encryption policy. | Account SAS Service SAS |
There's a mismatch between the ses query parameter and the x-ms-encryption-scope header, after version 2020-12-06. |
InvalidHeaderValue |
N/A | 400 (BadRequest) | The value for one of the HTTP headers is not in the correct format. | Account SAS Service SAS |
See also
Delegate access with a shared access signature
Create a service shared access signature