Some of our exceptions may be indicators of a known issue with Braintree's API. To stay up-to-date with any current issues or scheduled maintenance, we recommend subscribing to Braintree's status page.

Handling exceptions

Handling exceptions is straightforward and follows common language conventions.

  customer = gateway.customer.find("an_unknown_customer_id")
rescue Braintree::NotFoundError => e
  puts e.message

Our list of available exceptions is up-to-date with the latest versions of the server SDKs. Check our migration guide if you are integrating from an older version.

Authentication Error


Raised when your API keys are incorrect. If you're getting this exception when first integrating, double-check that you haven't accidentally tried to use your sandbox keys in production or vice-versa.

Authorization Error


Raised when the API key that you're using is not authorized to perform the attempted action according to the role assigned to the user who owns the API key.

This error can also occur if the data you submitted was malformed – either a parameter isn't in the allowed list, or it is at the wrong location in the nested parameters.

Configuration Error


Raised when the gem isn't configured. Make sure you have environment, merchant_id, public_key, and private_key.

gateway =
  :environment => :sandbox,
  :merchant_id => "your_merchant_id",
  :public_key => "your_public_key",
  :private_key => "your_private_key",

Invalid Challenge


Raised when the webhook challenge you attempt to verify is in an invalid format.

Invalid Signature


Raised when the webhook notification you attempt to parse has an invalid signature.

This could be caused by a payload being modified in transit or if you attempt to parse messages that did not originate from our servers.

Not Found Error


Raised when the record that you're trying to operate on can't be found. For example, if you try to update a customer and the customer ID isn't valid. For references and associations, you'll receive a validation error if the reference is invalid. For example, when creating a credit card and specifying which customer ID it should be associated to, if the customer ID is invalid, it will be a validation error, not a not found exception.

Server Error


Raised when something goes wrong on the Braintree server when trying to process your request.

SSL Certificate


Raised when the client library can't verify the server's TLS/SSL certificate. This may indicate an attempted man-in-the-middle attack.

Unexpected Error


Raised when an error occurs that the client library is not built to handle. If this happens, there's probably a bug in the client library.

Too Many Requests Error


Raised when requests associated with your account reach unsafe levels. We may limit API resources by merchant if activity risks negative impact to other merchants.

Upgrade Required Error


Raised when you're trying to use a version of the library that is no longer supported. Please see our Server SDK Deprecation Policy for more information.

Validation Failed


Raised from bang methods when validations fail.


Timeout Exception


Raised when a request times out because it takes longer than the custom timeout limit you set in the server SDKs. A request that returns this exception could still be successful if it processes within the Braintree gateway timeout limit of 60 seconds. Learn more about timeouts.

Down For Maintenance


Raised when a request times out. We originally used this exception during maintenance windows, but we never go down for maintenance anymore. In a future major version release of the server sdk we will rename this.

Forged Query String


Raised when someone hits your Transparent Redirect URL with an invalid hash in the query string.

The reason why this error happens is because when the gateway receives the initial Transparent Redirect request, it generates a query string that includes a verification hash at the end to protect against tampering in the client. This hash is calculated based on the entire contents of the query string minus the hash. The client library uses the same method to check the hash, and so you'll get this error any time the query string passed into the confirm method is not exactly the same as the query string that the gateway redirected to.

Note: Transparent Redirect is a deprecated integration method.