Error codes & troubleshooting

You will receive these error codes when reaching api.onramper.com (and the corresponding stg) with poorly built signatures. ###

Signature errors (401)

CodeAction
SIGNATURE_MISSINGAdd sigV2 parameter
SIGNATURE_INVALIDCheck signing logic and key (see debugging below)
SIGNATURE_VERSION_MISMATCHUse the v2: prefix
TIMESTAMP_MISSINGAdd sigV2Timestamp
TIMESTAMP_EXPIREDGenerate a fresh URL/request
TIMESTAMP_FUTURECheck server clock sync (30s skew tolerance)
TIMESTAMP_INVALID_FORMATUse ISO8601 with milliseconds (.000Z)
NONCE_MISSINGAdd sigV2Nonce
NONCE_INVALID_FORMATUse UUID v4
NONCE_REUSEDGenerate a new UUID per request
WIDGET_EXPIREDGenerate a new signed URL

Guard errors (403)

CodeAction
IP_BLOCKEDContact support
DOMAIN_BLOCKEDContact support
DOMAIN_NOT_WHITELISTEDRegister the domain with Onramper
WALLET_BLOCKEDUse a different wallet

General errors

CodeAction
API_KEY_MISSING (401)Add apiKey parameter
PARTNER_NOT_FOUND (401)Verify your API key
PUBLIC_KEY_NOT_CONFIGURED (401)Send your public key to Onramper
RATE_LIMIT_EXCEEDED (429)Implement exponential backoff

Debugging SIGNATURE_INVALID

Common causes:

  1. Wrong field order — query fields must be sorted alphabetically
  2. URL encoding mismatch — use URLSearchParams (JS), urlencode + quote_plus (Python), or url.Values.Encode() (Go)
  3. Wrong key format — ensure valid PEM with headers
  4. Missing apiKey — it must always be in sigV2Fields and the canonical query
  5. Missing fields — every field in sigV2Fields must be in the canonical query
  6. Timestamp format — must include milliseconds (.000Z)

Debugging steps: log the exact canonical string before signing, verify alphabetical sort order, confirm sigV2Fields lists all signed fields, check the timestamp format, and validate the nonce is UUID v4.