Del via


Shared access signature error codes

Beginning with version 2015-04-05, Azure Storage returns several updated error codes for shared access signatures.

Scenario Storage error code Old status code New status code Error message Applies to
Authorization of IP address or range failed AuthorizationSourceIPMismatch N/A 403 (Forbidden) This request is not authorized to perform this operation using this source IP {SourceIP}. Account SAS

Service SAS
Authorization of HTTPS failed AuthorizationProtocolMismatch N/A 403 (Forbidden) This request is not authorized to perform this operation using this protocol. Account SAS

Service SAS
Unauthorized signed permission (including create and add permissions) AuthorizationPermissionMismatch 404 (Not Found) 403 (Forbidden) This request is not authorized to perform this operation using this permission. Account SAS

Service SAS
Unauthorized signed service AuthorizationServiceMismatch N/A 403 (Forbidden) This request is not authorized to perform this operation using this service. Account SAS

Service SAS
Unauthorized signed resource type AuthorizationResourceTypeMismatch N/A 403 (Forbidden) This request is not authorized to perform this operation using this resource type. Account SAS

Service SAS
Other authorization errors (for example, attempting to modify an access control list) AuthorizationFailure 404 (Not Found) 403 (Forbidden) This request is not authorized to perform this operation. Account SAS

Service SAS
The stored access policy for a file or blob relies on the create or add permission, and Get ACL is called by using a version prior to 2015-04-05. FeatureVersionMismatch N/A 409 (Conflict) Stored access policy contains a permission that is not supported by this version. Service SAS
There's a mismatch between the ses query parameter and the x-ms-default-encryption-scope header. The x-ms-deny-encryption-scope-override header is set to true, after version 2020-12-06. RequestForbiddenByContainerEncryptionPolicy N/A 403 (Forbidden) The request is forbidden by the container encryption policy. Account SAS

Service SAS
There's a mismatch between the ses query parameter and the x-ms-encryption-scope header, after version 2020-12-06. InvalidHeaderValue N/A 400 (BadRequest) The value for one of the HTTP headers is not in the correct format. Account SAS

Service SAS

See also

Delegate access with a shared access signature
Create a service shared access signature