Note that the provided list of error codes does not cover other situations:
- Certificate is invalid (as described in VoP API specification chapter 4.4.2)
- Internal Server Error (as described in VoP API specification chapter 4.4.2)
- Service is unavailable - Could happen due to maintenance reasons etc. Should typically be associated with HTTP 503.
- Too many requests - Could happen as a result of throttling or rate limiting mechanisms. Should typically be associated with HTTP 429.
Shouldn’t it be a better approach not to prescribe a closed set of error codes in the OpenAPI schema?
The VOP API WB decided to keep a small set of error codes in order to have a simplified and manageable solution. The proposition is the best compromise approved by the VOP API WB taking also account that it is the first version of the specifications. A lot of other http error response codes are still possible without getting the vop response message structure.
In the examples mentioned in the question, the vop application is never reached, then the errors are generated before reaching the vop application.