
Errors

HTTP Response Codes

This specification makes rules about the use of specific HTTP status codes in particular circumstances where the status codes SHALL map to particular states correctly, and only where the correct status code is not obvious. Other HTTP status codes may be used for other states as appropriate, and this particularly includes various authentication related status codes and redirects. Authentication redirects should not be interpreted to change the location of the resource itself.

FHIR® defines an OperationOutcome resource that can be used to convey specific detailed processable error information. For a few combinations of interactions and specific return codes, an OperationOutcome is required to be returned as the content of the response. The OperationOutcome may be returned with any HTTP 4xx or 5xx response, but is not required - many of these errors may be generated by generic server frameworks underlying a FHIR® server.


Gateway HTTP Response Codes

Table: Gateway HTTP Response Codes

| HTTP end point | HTTP verb | Scenario | HTTP response code | Notes |
|---|---|---|---|---|
| Gateway end point | GET & POST | Token not present; Back-end request validation failed | 400 Bad Request | |
| Gateway end point | GET & POST | Invalid token ID; Token expired; Issued in future; Not destined for gateway; Back-end fine grained authorization failed; Invalid sub; Invalid identifier; Invalid name of the user; Invalid user type; Invalid identifier of the user; Invalid application name; Invalid organization | 401 Unauthorized | |
| Gateway end point | GET & POST | | 500 Internal Server Error | |

In all the cases above except for successful authorization, the Gateway will respond to the client with an appropriate FHIR response using an OperationOutcome resource (Ref. http://hl7.org/fhir/R4/operationoutcome.html).


For additional Response Codes see the "Expected Behaviour" section of the respective Operation pages.
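The mapping in the table above, sketched as an added Python example; it is not the Gateway's own code. It assumes the token is a JWT whose claims are already decoded and signature-checked, that `jti`, `exp`, `iat`, `aud` and `sub` carry the token ID, expiry, issue time, destination and sub, and that `GATEWAY_AUDIENCE`, the `backend` callable and the choice of OperationOutcome issue codes are illustrative.

```python
import time

GATEWAY_AUDIENCE = "https://gateway.example/fhir"  # assumed value, not from the page

def operation_outcome(code, diagnostics):
    """Minimal FHIR R4 OperationOutcome carrying one error issue."""
    return {"resourceType": "OperationOutcome",
            "issue": [{"severity": "error", "code": code, "diagnostics": diagnostics}]}

def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def check_token(claims, now):
    """Return None if the decoded claims pass, else (status, OperationOutcome).

    Claim names (jti, exp, iat, aud, sub) are assumed JWT names; signature
    verification is assumed to have happened before this step.
    """
    if claims is None:
        return 400, operation_outcome("required", "Token not present")
    if not isinstance(claims.get("jti"), str) or not claims["jti"]:
        return 401, operation_outcome("login", "Invalid token ID")
    # A missing or non-numeric exp or iat fails closed.
    if not _is_number(claims.get("exp")) or claims["exp"] <= now:
        return 401, operation_outcome("expired", "Token expired")
    if not _is_number(claims.get("iat")) or claims["iat"] > now:
        return 401, operation_outcome("login", "Issued in future")
    if claims.get("aud") != GATEWAY_AUDIENCE:
        return 401, operation_outcome("login", "Not destined for gateway")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        return 401, operation_outcome("login", "Invalid sub")
    return None

def handle_request(claims, backend, now=None):
    """Gate one request; backend is a hypothetical callable for the back-end call."""
    failure = check_token(claims, time.time() if now is None else now)
    if failure:
        return failure
    try:
        return 200, backend(claims)
    except Exception:
        # Keep exception text out of the response body; log it server-side.
        return 500, operation_outcome("exception", "Internal Server Error")

# Constructed sample claims for illustration.
NOW = 1_700_000_000
GOOD = {"jti": "a1", "exp": NOW + 300, "iat": NOW - 5,
        "aud": GATEWAY_AUDIENCE, "sub": "user-1"}
```

The remaining 401 scenarios in the table (user name, user type, organization and so on) would be further checks of the same shape inside `check_token`.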