Broken access control API error messages
The following table lists the error messages you might see when configuring broken access control testing using the REST API. It includes explanations and possible actions.
| Error code | Explanation | Possible action |
|---|---|---|
| 400 Bad Request | Occurs when you upload an unsupported file extension, violate mutual exclusivity rules (for example, providing a roleName when isNonAuthenticated is true), or if the jobId is already in a "Running" or "Completed" state. | Make sure the file extension is supported, omit the roleName for non-authenticated baselines, and verify the scan job isn't currently active or locked. |
| 401 Unauthorized / 403 Forbidden | The API session token isn't valid or is missing. | Authenticate with a valid session token, and try the request again. |
| CRWAS2362E | Role name is required. | Provide a unique role name in your request when uploading an authenticated baseline. |
| CRWAS2363E | Supported traffic file formats are: .exd, .dast.config, .har, and .seqe. | Verify that the uploaded file is a supported format. Legacy .scan files aren't supported. |
| CRWAS2364E | Either a role name must be provided, or the non-authenticated flag must be true. | Ensure your request includes either a roleName or sets the isNonAuthenticated flag to true. |
| CRWAS2365E | Only one non-authenticated file upload is allowed per job. | If you need to change the non-authenticated baseline, use the DELETE endpoint to remove the existing one before uploading a new one. |
| CRWAS2366E | A record already exists for the specified job ID and role name. Each role name must be unique for a job. | Provide a unique role name in your POST request, or use the DELETE endpoint to remove the existing role before trying again. |
| CRWAS2367E | No matching role data found for deletion. | Verify the roleName you are trying to delete exists for this job. To delete a non-authenticated baseline, use "Non-Authenticated-User". |
| CRWAS2368E | Failed to delete role traffic data. | Verify the scan job isn't currently active or locked, and try the request again. |
| CRWAS2369E | The role name must be omitted if the non-authenticated flag is set to true. | Omit the roleName parameter completely when uploading a non-authenticated baseline. |
| CRWAS2370E | Save operation failed. The role name must not contain special characters: <>"'%;)(&+ | Rename the role using only alphanumeric characters and try the upload again. |
| CRWAS2371E | The uploaded traffic file exceeds the 200 MB limit. Upload a smaller file. | Reduce the size of the baseline traffic file. Then try the upload again. |
| CRWAS2372E | Failed to upload broken access control data. | Verify the file path, make sure the file isn't password-protected or using unsupported encryption, and verify the scan job isn't currently running. Then try the request again. |