All gateways should expose the following error codes to Moveworks. The error code and message format should follow exactly as below. The API gateway should make limited-to-no changes to error messages exposed by underlying systems.
INPUT_VALIDATION_FAILEDMoveworks submitted an invalid request to the gateway.
AUTHENTICATION_FAILEDThe provided credential by Moveworks is invalid or missing. This is NOT the same as authentication failing between the gateway and your downstream systems.
NOT_FOUNDThe resource identifier Moveworks is requesting is missing.
RATE_LIMIT_EXCEEDEDMoveworks has exceeded the allowable number of requests per minute.
If your gateway enforces a rate limit, advertise it via response headers on every response. Moveworks reads these headers and proactively slows down its call rate when your remaining capacity drops below ~30% of your limit, without waiting for a 429:
Common header-name variants (X-Rate-Limit-*, RFC 9456 RateLimit-*) are also recognized. If you do not enforce a rate limit on your side, omit these headers entirely; Moveworks falls back to its baseline crawl pacing.
For the full throttling story (proactive vs reactive behavior, what Moveworks does with each header, capacity planning), see the Operational Guide.
INTERNAL_SERVER_ERRORSomething went wrong in the gateway and threw an exception.
EXTERNAL_REST_ERRORSomething went wrong between the gateway and your system. Should include the raw response from the source system’s error.