Common Microsoft Defender XDR REST API error codes
Applies to:
- Microsoft Defender XDR
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Error codes can be returned by an operation on any of the Microsoft Defender XDR APIs. Every error response contains an error message, which can help resolve the problem. The error message column in the table section provides some sample messages. The content of actual messages varies based on the factors that triggered the response. Variable content is indicated by angle brackets (< >) in the following table:
Error codes
| Error code | HTTP status code | Message |
|---|---|---|
| BadRequest | BadRequest (400) | General Bad Request error message. |
| ODataError | BadRequest (400) | Invalid OData URI query <the specific error is specified>. |
| InvalidInput | BadRequest (400) | Invalid input <the invalid input>. |
| InvalidRequestBody | BadRequest (400) | Invalid request body. |
| InvalidHashValue | BadRequest (400) | Hash value <the invalid hash> is invalid. |
| InvalidDomainName | BadRequest (400) | Domain name <the invalid domain> is invalid. |
| InvalidIpAddress | BadRequest (400) | IP address <the invalid IP> is invalid. |
| InvalidUrl | BadRequest (400) | URL <the invalid URL> is invalid. |
| MaximumBatchSizeExceeded | BadRequest (400) | Maximum batch size exceeded. Received: <batch size received>, allowed: {batch size allowed}. |
| MissingRequiredParameter | BadRequest (400) | Parameter <the missing parameter> is missing. |
| OsPlatformNotSupported | BadRequest (400) | OS Platform <the client OS Platform> isn't supported for this action. |
| ClientVersionNotSupported | BadRequest (400) | <The requested action> is supported on client version <supported client version> and later. |
| Unauthorized | Unauthorized (401) | Unauthorized This error is usually caused by an invalid or expired authorization header. |
| Forbidden | Forbidden (403) | Forbidden This error can occur with a valid token but insufficient permission for the action. |
| DisabledFeature | Forbidden (403) | Tenant feature isn't enabled. |
| DisallowedOperation | Forbidden (403) | <the disallowed operation and the reason>. |
| NotFound | Not Found (404) | General Not Found error message. |
| ResourceNotFound | Not Found (404) | Resource <the requested resource> wasn't found. |
| InternalServerError | Internal Server Error (500) | If there's no error message, retry the operation. Contact Microsoft if it doesn't get resolved. |
Examples
{
"error": {
"code": "ResourceNotFound",
"message": "Machine 123123123 was not found",
"target": "43f4cb08-8fac-4b65-9db1-745c2ae65f3a"
}
}
{
"error": {
"code": "InvalidRequestBody",
"message": "Request body is incorrect",
"target": "1fa66c0f-18bd-4133-b378-36d76f3a2ba0"
}
}
Body parameters
Important
Body parameters are case-sensitive.
If you experience an InvalidRequestBody or MissingRequiredParameter error, it might be caused by a typo. Review the API documentation and check that the submitted parameters match the relevant example.
Tracking ID
Each error response contains a unique ID parameter for tracking. The property name of this parameter is target. If you contact Microsoft about an error, attaching your tracking ID helps Microsoft find the root cause of the problem.
Related articles
- Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn
- Microsoft Defender XDR APIs overview
- Supported Microsoft Defender XDR APIs
- Access the Microsoft Defender XDR APIs
- Learn about API limits and licensing
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.