Error envelope
type: a stable machine-readable code (see the table below).message: a human-readable description of what went wrong.request_id: a unique identifier for this request. Quote it when contacting support.
Error types
| HTTP status | type | Meaning |
|---|---|---|
| 400 | invalid_request | The request body or parameters are malformed or fail validation. Fix the request before retrying. |
| 401 | unauthorized | The bearer token is missing, invalid, or has been rolled. Check your Authorization header. |
| 404 | not_found | The resource (e.g. a watch subscription) does not exist. |
| 429 | rate_limited | Too many requests. Back off and retry after the indicated delay. |
| 500 | internal | An unexpected server error. Safe to retry; if it persists, contact support with the request_id. |
| 502 | internal | The upstream identity source (ABR) is temporarily unavailable. Message: “identity source temporarily unavailable”. Safe to retry. |
Absent entity is not an error
A common source of confusion: if an ABN, ACN, or name simply does not appear in the government source, AUO returns a clean200 with an empty candidates array.
502. The distinction matters: an empty
candidates array means “not found in the source”, while a 502 means “we could not
reach the source.”
Screening and read failures
ForPOST /v1/screen (and the screening block inside /v1/resolve), a failure to
read the watchlist index returns unavailable for the affected source, never a false
no_match. This fail-safe is intentional: a read error must never look like a clean
result.
unavailable, retry the request. If it persists, contact support with the
request_id.
Using the request_id
Every response (successful or error) includes arequest_id in the error envelope for
errors. Copy the full request_id value (it starts with req_) when reporting an
issue. It lets the support team look up the exact request in the logs without needing
any other context.
Retry guidance
Safe to retry
Safe to retry
502(identity source unavailable): retry with exponential backoff. The ABR SOAP service is occasionally unavailable for short periods.500(internal): retry once after a brief delay. If it persists, contact support.429(rate limited): back off for the indicated interval, then retry.
Do not retry without fixing first
Do not retry without fixing first
400(invalid request): the request is malformed. A retry with the same payload will get the same error. Fix the input, then retry.401(unauthorized): the token is invalid or missing. Check yourAuthorizationheader. Rolling a key invalidates the old one immediately.404(not found): the resource does not exist. Retrying will not create it.