Overview
This document provides comprehensive error handling guidance for external developers integrating with the Send Business Invite API endpoint. This endpoint creates a business invitation, optionally creating a new business or attaching the invite to an existing one, and sends an invitation email to the applicant. Each error scenario includes classification, sample responses, and actionable recommendations for handling the error in your application.Endpoint
Error Types
The endpoint can return errors classified into four main categories:- Validation Error: Request format, schema, or data validation issues
- Network Error: HTTP method or connectivity issues
- Authentication Error: Authentication, authorization, or permission issues
- Internal Server Error: Server-side failures requiring retry logic
Error Index
Quick navigation to specific error scenarios:- Validation Error (Request Body Schema)
- Method Not Allowed Error
- Authentication Error (Missing or Invalid Token)
- Authorization Error (Role Not Allowed)
- Data Permission Error
- Insufficient Permissions Error
- Onboarding Not Permitted For Customer
- Monthly Onboarding Limit Exhausted
- Onboarding Template Version Errors
- Applicant Email Already Associated With An Account
- Duplicate Business External ID
- Existing Business Not Found
1. Validation Error (Request Body Schema)
Scenario
Request body does not match the required schema for sending a business invite.When It Happens
- Neither
applicantsnornew_applicantsis provided (at least one is required) - An applicant is missing
first_name,last_name, oremail emailuses a disposable email domain, or isn’t a valid email formatmobile(applicant or business) isn’t a valid phone number for the detected region- Both
business/new_businessandexisting_business/existing_business_idare provided together (these are mutually exclusive) - Neither business information (
business,new_business,existing_business, orexisting_business_id) nor an existing business reference is provided case_idis provided withoutexisting_business_idorexisting_business- Invalid UUID format for
customerIDin the URL path, or for any ofexisting_business_id,case_id,esign_template_id,custom_field_template_id,template_version_id, orexisting_applicant_ids - Extra fields that are not allowed are included in the request
Classification
Validation ErrorError Details
- Error Class:
ValidationMiddlewareError - HTTP Status:
400 Bad Request - Error Code:
INVALID
Sample API Response
Example Scenarios
- Missing applicants:
{ "new_business": { "name": "Acme Corp" } } - Invalid email:
{ "new_business": { "name": "Acme Corp" }, "new_applicants": [{ "first_name": "Jane", "last_name": "Doe", "email": "not-an-email" }] } - Conflicting business fields:
{ "business": { "name": "Acme Corp" }, "new_business": { "name": "Acme Corp" }, "new_applicants": [...] } - Invalid
customerIDUUID:POST /api/v1/customers/invalid-uuid/businesses/invite
How to Handle
- Validate input before sending the request: Confirm at least one applicant object is present and that business information is provided through exactly one of
business,new_business,existing_business, orexisting_business_id. - Check field formats:
emailmust be a real, non-disposable address;mobilefields must be valid phone numbers for the applicable region. - Do not retry automatically: This is a client-side error that requires user action. Wait for the user to correct the input before retrying.
2. Method Not Allowed Error
Scenario
Request uses an HTTP method other than POST (e.g., GET, PUT, DELETE, PATCH).When It Happens
- Client sends a non-POST request to
/customers/:customerID/businesses/invite
Classification
Network Error (HTTP method mismatch)Error Details
- Error Class:
MethodNotAllowedError - HTTP Status:
405 Method Not Allowed - Error Code:
NOT_ALLOWED
Sample API Response
How to Handle
- Verify HTTP method: Ensure you are using the
POSTmethod for this endpoint. - Check your API client setup: Review your HTTP client configuration (fetch, axios, etc.) to ensure the correct method is being used.
- No retry needed: This is a permanent error that indicates incorrect API usage. Fix the HTTP method in your code and the request will succeed.
3. Authentication Error (Missing or Invalid Token)
Scenario
Request is missing the Authorization header or the token is invalid, expired, or malformed.When It Happens
- Missing
Authorizationheader - Authorization header does not start with “Bearer”
- Token is expired, invalid, or malformed
Classification
Authentication ErrorError Details
- Error Class:
AuthenticationMiddlewareError - HTTP Status:
401 Unauthorizedor400 Bad Request - Error Code:
UNAUTHENTICATEDorINVALID - Message: Varies based on the specific error
Sample API Response
Missing Authorization Header:How to Handle
- Check Authorization header: Ensure your request includes a valid
Authorizationheader in the format:Authorization: Bearer <token>. - Handle token expiration: Refresh the token and retry once with the new token. Do not retry automatically with the same token.
- Handle gracefully: If authentication fails, redirect to your login flow or show an appropriate error message.
4. Authorization Error (Role Not Allowed)
Scenario
The authenticated user does not have the required role (CUSTOMER or ADMIN) to access this endpoint.
When It Happens
- User has the
APPLICANTrole (not allowed) - User has a role that is not
CUSTOMERorADMIN
Classification
Authentication ErrorError Details
- Error Class:
RoleMiddlewareError - HTTP Status:
401 Unauthorized - Error Code:
UNAUTHORIZED - Message:
"Role Not Allowed"
Sample API Response
How to Handle
- Verify user permissions: This endpoint is only available to
CUSTOMERandADMINrole tokens. - Do not retry: This is a permanent authorization issue.
- Show appropriate message: Display a message indicating the user does not have permission to perform this action.
5. Data Permission Error
Scenario
ACUSTOMER-role user is attempting to send an invite for a customerID that does not belong to them.
When It Happens
- The
customerIDin the URL path does not match the authenticated user’s own customer
Classification
Authentication Error (Data access restriction)Error Details
- Error Class:
AccessMiddlewareError - HTTP Status:
403 Forbidden - Error Code:
UNAUTHORIZED - Message:
"You are not allowed to access the data."
Sample API Response
How to Handle
- Verify customer ID: Ensure the
customerIDin the URL path matches the authenticated user’s own customer. - Do not retry: This is a permanent authorization issue.
- Fix the request: If this is a bug in your integration, correct the
customerIDbeing sent.
6. Insufficient Permissions Error
Scenario
ACUSTOMER-role user’s assigned subrole does not grant the permissions required to send business invites.
When It Happens
- Your organization has custom roles enabled, and the authenticated user’s subrole does not include
businesses:writeorbusinesses:create:invite - The authenticated user’s token has no subrole assigned
This check only applies to
CUSTOMER-role tokens with custom roles enabled for your organization. ADMIN tokens are never subject to this check, and it has no effect if custom roles aren’t enabled for your account.Classification
Authentication Error (Permission restriction)Error Details
- Error Class:
PermissionMiddlewareError - HTTP Status:
403 Forbidden - Error Code:
UNAUTHENTICATED - Message:
"User subrole not found"or"You do not have the necessary permissions to perform this action."
Sample API Response
How to Handle
- Verify subrole permissions: Confirm the user’s subrole has been granted
businesses:writeorbusinesses:create:invite. - Do not retry: This is a permanent authorization issue until the subrole’s permissions are updated.
- Contact an admin: Direct the user to an account administrator to adjust their subrole’s permissions.
7. Onboarding Not Permitted For Customer
Scenario
The customer account does not have permission to onboard businesses.When It Happens
- The customer’s account is not provisioned with the
onboarding_module:writepermission
Classification
Authentication Error (Account-level permission restriction)Error Details
- Error Class:
BusinessApiError - HTTP Status:
403 Forbidden - Error Code:
INVALID - Message:
"Customer does not have permission to onboard businesses."
Sample API Response
How to Handle
- Do not retry: This is an account-provisioning issue, not something your request can fix.
- Contact support: Reach out to your Worth Customer Success team to confirm your account is provisioned for onboarding.
8. Monthly Onboarding Limit Exhausted
Scenario
The customer has reached their monthly onboarding limit and cannot send more invites.When It Happens
- The customer has already onboarded the maximum number of businesses allowed for the current month
This check is skipped for customers enrolled in the easy onboarding flow.
Classification
Authentication Error (Resource limit restriction)Error Details
- Error Class:
OnboardingLimitError - HTTP Status:
403 Forbidden - Error Code:
NOT_ALLOWED - Message:
"Monthly onboarding limit exhausted."
Sample API Response
How to Handle
- Display the error message: Show the error message clearly to the user.
- Do not retry: This will persist until the next billing cycle or until the limit is increased.
- Contact support: Provide a way for users to contact support if they need to increase their limit.
9. Onboarding Template Version Errors
Scenario
The request includestemplate_version_id, but full onboarding configuration isn’t enabled for the customer, or the referenced template version doesn’t exist.
When It Happens
template_version_idis provided, but the customer doesn’t have the full onboarding configuration setup enabledtemplate_version_idis provided, but no matching template version exists for the customer
Classification
Validation Error (Business logic validation)Error Details
Full onboarding configuration not enabled:- Error Class:
BusinessApiError - HTTP Status:
400 Bad Request - Error Code:
INVALID - Message:
"Full onboarding configuration is not enabled for this customer"
- Error Class:
BusinessApiError - HTTP Status:
404 Not Found - Error Code:
NOT_FOUND - Message:
"Onboarding template version {template_version_id} not found for customer {customerID}"
Sample API Response
How to Handle
- Omit
template_version_idunless you intend to use a specific onboarding template version and full onboarding configuration is enabled for your account. - Verify the template version ID: Confirm it exists and belongs to the calling customer.
- Contact support: If you believe full onboarding configuration should be enabled, contact your Worth Customer Success team.
10. Applicant Email Already Associated With An Account
Scenario
An applicant’s email address is already registered to a non-applicant account (for example, an existing customer or admin user).When It Happens
- An applicant in
applicants/new_applicantshas anemailthat already exists in the system under a role other thanAPPLICANT
Classification
Validation Error (Business logic validation)Error Details
- Error Class:
BusinessApiError - HTTP Status:
400 Bad Request - Error Code:
INVALID - Message:
"Cannot onboard {email} to the platform. Contact support."
Sample API Response
How to Handle
- Verify the applicant’s email: Confirm the applicant is using an email address that isn’t already tied to another Worth account.
- Do not retry with the same email: This requires the user to provide a different email address, or to contact support.
- Display the error message: Show the error to the user so they know which applicant needs a different email.
11. Duplicate Business External ID
Scenario
Theexternal_id provided on business or new_business already exists for this customer.
When It Happens
- A business with the same
external_idwas already created for this customer (including soft-deleted businesses) - A race condition causes the underlying database’s uniqueness constraint to reject the insert
Classification
Validation Error (Business logic validation)Error Details
- Error Class:
BusinessApiError - HTTP Status:
400 Bad Request - Error Code:
INVALID - Message:
"The business external ID already exists for this customer (business ID: {existing_business_id})", or, in rare race-condition cases,"The business external ID already exists for this customer"without an ID
Sample API Response
How to Handle
- Parse
data.existing_business_id: When present, use it to look up or reference the existing business instead of creating a duplicate. - Use a unique
external_id: Generate or verify uniqueness of your external identifier before sending the request. - Do not retry with the same
external_id: Correct the value first.
12. Existing Business Not Found
Scenario
existing_business_id (or the business_id on existing_business) doesn’t reference a business that this customer has onboarded.
When It Happens
- The referenced business doesn’t exist, is soft-deleted, or belongs to a different customer
Unlike the other business-logic errors on this page, this one does not set an explicit HTTP status or
errorCode. It surfaces as a generic 500 response with "status": "error" and "errorCode": "UNKNOWN_ERROR" rather than a "fail"-style 4xx response. Handle it by matching on the message text rather than the status code or error code.Classification
Validation Error (Resource not found)Error Details
- Error Class:
BusinessApiError - HTTP Status:
500 Internal Server Error - Error Code:
UNKNOWN_ERROR - Message:
"This business was not onboarded by the current customer."
Sample API Response
How to Handle
- Verify the business reference: Confirm
existing_business_id(orexisting_business.business_id) is correct and belongs to the calling customer. - Match on message text: Because this error doesn’t use a distinguishing status code or error code, detect it by checking the
messagefield rather than treating every500as a transient server error. - Do not blindly retry: Retrying without correcting the business reference will fail the same way every time.
Related Documentation
- API Reference: Send Business Invite - Complete endpoint and schema documentation
- Overview - Return to the SDK 3 overview