
qxcvd (qxcvd) asked a question.
API: POST /api/v1/users (user with credentials and security question)
The above API returns the "403 Forbidden" response however it creates the user in the OTKA. (*as the answer to the security question is only three char.)
I would like to get the details of the API behaviors so, the app can take the necessary actions.
What are the scenarios(or Rules or Violations) when API returns the error message (Failure message) to the calling application and actually creates the user in the OKTA?
Thank you
Minesh Mehta

Hi Minesh, when I attempt to reproduce the issue I don't run into the behavior you described. After sending the request below, I get the same error message but the user is not created in my Okta org.
Request:
POST {{url}}/api/v1/users?activate=false
{
"profile": {
"firstName": "Test",
"lastName": "User",
"email": "testuser999@{{email-suffix}}",
"login": "testuser999@{{email-suffix}}"
},
"credentials": {
"recovery_question": {
"question": "Who's a major player in the cowboy scene?",
"answer": "Bob"
}
}
}
Response:
{
"errorCode": "E0000001",
"errorSummary": "Api validation failed: securityAnswer",
"errorLink": "E0000001",
"errorId": "{errorId}",
"errorCauses": [
{
"errorSummary": "securityAnswer: The security question answer must be at least 4 characters in length"
}
]
}
Hi Warren,
I tried again today in My Okta org and API returns the error message however it also creates an account and the second call to create returns the "already exists" error.
Could you please guide me to analyze and resolve the issue?
The API returns the error with status code 403.
the second call to the create API with the same values returns the error "Already exists".
I just noticed that the error code returned by the API is different. also the "errorSummary" too.
I received the error code "E0000014" with errorSummary": "Update of credentials failed",