This is a searchable reference for Azure REST API error codes across the platform’s core services — Azure Resource Manager (ARM), Storage (Blob), Compute, Key Vault, Cosmos DB and Azure SQL. Each row gives the error code, the originating service, the HTTP status it ships with, and the most common cause, so you can quickly distinguish an auth failure from a quota limit or a missing resource.
How it works
Azure REST APIs return errors in a consistent JSON envelope:
{ "error": { "code": "AuthorizationFailed", "message": "...", "details": [] } }The code string is stable and meant for programmatic handling, while message is descriptive text for humans. Branch on code. Many codes map to the same HTTP status — ResourceNotFound, BlobNotFound and SubscriptionNotFound are all 404 — so the code field is what tells you which kind of “not found” you hit.
Errors cluster into a few families: authentication (InvalidAuthenticationToken, ExpiredAuthenticationToken) at 401, authorization (AuthorizationFailed, Key Vault Forbidden) at 403, conflict and quota (Conflict, QuotaExceeded, OperationNotAllowed) at 409, and throttling/availability (TooManyRequests, RequestRateTooLarge, ServiceUnavailable) at 429/503. The last group is transient and retryable.
Tips and example
Drive retries off the throttling and availability codes, and respect the server’s hint:
TooManyRequests (429) → wait Retry-After seconds, then retry
RequestRateTooLarge (Cosmos) → wait x-ms-retry-after-ms, then retry
ServiceUnavailable (503) → exponential backoff + retry
AuthorizationFailed (403) → assign an RBAC role (terminal)
QuotaExceeded (409) → request a quota increase (terminal)
ResourceNotFound (404) → wrong id/scope (terminal)A 412 such as ConditionNotMet or LeaseIdMissing on Storage is an optimistic-concurrency signal — your ETag precondition failed, or a blob lease is held — and is handled in application logic rather than by blind retry. Everything runs in your browser; nothing is uploaded.