HTTP Status Code 498 – Invalid Token

The HTTP status code 498 Invalid Token is a non-standard extension used to indicate that an authentication token provided with a request is invalid. This status code is commonly returned by services using token-based authentication methods, such as JSON Web Tokens (JWTs), OAuth tokens, or custom token systems.

Examples

Example 1: Invalid JWT Signature

In this example, a request is made to a protected API endpoint with a JWT that has an invalid signature.


GET /api/protected HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.invalidSignature

Response:


HTTP/1.1 498 Invalid Token
Content-Type: application/json

{
    "error": "Invalid Token",
    "message": "The token signature is invalid."
}

Explanation: The server recomputes the JWT signature with its secret key, finds that it does not match the signature carried in the token, and returns a 498 Invalid Token response.

Example 2: Expired OAuth Access Token

In this example, a client application attempts to access a user’s resources with an expired OAuth token.


GET /user/profile HTTP/1.1
Host: api.example.com
Authorization: Bearer ya29.a0ARrdaM-expiredTokenExample

Response:


HTTP/1.1 498 Invalid Token
Content-Type: application/json

{
    "error": "Invalid Token",
    "message": "The access token has expired."
}

Explanation: The server detects that the OAuth token provided in the Authorization header has expired and responds with a 498 Invalid Token status code.
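
The server-side checks behind Examples 1 and 2, as an added example that is not code from the original page: a minimal HS256 JWT check that pins the algorithm, verifies the signature in constant time before reading any claim, and only then checks expiry. The secret, the helper names and the "malformed" message are assumptions made for illustration; opaque (non-JWT) OAuth tokens would need a lookup at the issuer instead.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: constructed HS256 key for the demo

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key=SECRET, alg="HS256"):
    # Hypothetical helper: builds constructed sample tokens for the demo only.
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    signing_input = f"{head}.{b64url_encode(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, key))}"

def invalid(message):
    return 498, {"error": "Invalid Token", "message": message}

def check_bearer(authorization, now=None, key=SECRET):
    """Return (status, body) for an Authorization header value."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return invalid("The token is malformed.")
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return invalid("The token is malformed.")
    # Pin the algorithm server-side; the token must not choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return invalid("The token signature is invalid.")
    # Verify with a constant-time compare before trusting any claim.
    if not hmac.compare_digest(signature, sign(f"{parts[0]}.{parts[1]}", key)):
        return invalid("The token signature is invalid.")
    claims = json.loads(b64url_decode(parts[1]))
    exp = claims.get("exp")
    # Assumption: a token without a numeric exp is rejected like an expired one.
    if not isinstance(exp, (int, float)) or now >= exp:
        return invalid("The access token has expired.")
    return 200, {"sub": claims.get("sub")}
```
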

Example 3: Scenario

# Client sends a request example.
GET /example HTTP/1.1
Host: www.example.com

# Server Response
HTTP/1.1 498 Invalid Token
Date: Wed, 09 Oct 2024 23:09:44 GMT
Server: ExampleServer/1.0
Content-Type: application/json

{
    "error": "Description of the error for 498"
}

Example 4: Yet Another Scenario

# Client sends another example request.
POST /another-example HTTP/1.1
Host: www.example.com

# Server Response
HTTP/1.1 498 Invalid Token
Date: Wed, 09 Oct 2024 23:09:44 GMT
Server: ExampleServer/1.0
Content-Type: application/json

{
    "error": "Detailed message for 498"
}

Summary

The 498 Invalid Token status code is a non-standard HTTP response status used to signify issues with token-based authentication, such as an invalid signature or an expired token. This status helps clients to understand that the token they provided is not valid, prompting them to either refresh the token or request a new one. It is essential for applications utilizing token-based authentication to handle this status code appropriately, ensuring a smooth user experience.

I am the founder of SEO Leaders and have been involved in the internet and web development in one way or another for over 20 years. Since founding SEO Leaders some 6 years ago, I have been heavily involved in web development, Digital PR and technical SEO for a wide variety of projects. I hope to enlighten you on a wide range of topics related to my chosen profession!
