Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ API/ STS/ Querying the Authentication Result/ Decoding the Authentication Failure Cause

Updated on 2025-11-06 GMT+08:00

View PDF

Decoding the Authentication Failure Cause

Function

This API is used to decode the authentication failure cause.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
sts::decodeAuthorizationMessage	Write	-	-	-	-

URI

POST /v5/decode-authorization-message

Request Parameters

**Table 1** Request header parameters
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	When an API is called using a temporary security credential, the HTTP request header X-Security-Token must be provided. The value is the security_token field of the temporary security credential.

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
encoded_message	Yes	String	Encrypted authentication failure cause. The value is a string and the length is between 1 and 10240. Minimum: 1 Maximum: 10240

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
decoded_message	String	Plaintext of the authentication failure cause. Minimum: 1 Maximum: 10240

Status code: 400

**Table 4** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 403

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 500

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests

Decoding the authentication failure cause

POST https://{endpoint}/v5/decode-authorization-message

{
  "encoded_message" : "HY0L8G1lOe3rcfgxfKVP+AK+S33eYp/rHQ4I0kJed9...rwaYmLp+pt/ICBwk"
}

Example Responses

Status code: 200

Successful

{
  "decoded_message" : "{\"context\":{\"user_profile\":...\"failure\":\"implicit deny by identity-based policy\"}"
}

Status Codes

Status Code	Description
200	Successful
400	Bad request
403	Forbidden
500	Server error

Error Codes

See Error Codes.

Parent topic: Querying the Authentication Result

Previous topic: Querying the Authentication Result

Next topic: Access Analyzer

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot