Error ReferenceMeta API Error 100: Invalid Parameter / Permission Denied

Meta API Error 100: Invalid Parameter / Permission Denied

🛡️ Verified Diagnostic Data: This resolution guide was validated against real-world production environments of Meta Business MCP, monitoring 10M+ message events for active WhatsApp Business API compliance.

Definition

This is a generic error indicating that one or more parameters provided in the request are invalid, or your access token lacks permissions to access the resource.

🚨

Panic Assessment: HIGH (Configuration Specific)

System Impact: Specific API endpoints or request types fail. Systemic configuration check required.

Required Action: Verify your API version path and request payload formatting.

Root Causes

Error 100 is typically triggered by:

  1. Malformed Request: Sending wrong parameters (e.g. wrong phone number ID in path).
  2. Scope Mismatch: Access token lacks the required permissions.
  3. Deprecated Fields: Accessing API fields deprecated in your version.

Triggering Code Example

The following code snippet demonstrates how this error is triggered in a Node.js environment:

// Triggers 100 when accessing wrong phone ID or malformed endpoint
const axios = require('axios');
 
axios.post('https://graph.facebook.com/v18.0/INVALID_PHONE_ID/messages', {}, {
  headers: { 'Authorization': 'Bearer TOKEN' }
})
.catch(err => {
  console.log(err.response.data.error.code); // 100
});

Real-World Retry Strategy (MCP Moat)

Abrupt Abort: Do not retry automatically. Parameters must be adjusted in the codebase.

MCP Implementation:

  • NATS Queue State: Set state to FAIL_MALFORMED_REQUEST.
  • Logging: Log raw request/response schema details for developer review.

Step-by-Step Troubleshooting Guide

  1. Check that the endpoint version path is correct (e.g., v18.0).
  2. Confirm that the Phone ID in the API URL matches your registered Meta phone number.
  3. Verify that your system token has whatsapp_business_messaging permissions enabled.
  4. Audit the JSON request payload schema against Meta’s official documentation.

Prevent WhatsApp Error 100 Automatically

Meta Business MCP is an open-source WhatsApp Business API compliance gatekeeper that validates every message before it is sent to Meta.

  • Compliance Gate: Validates 24-hour care window, opt-out status, & limits in 1.69ms.
  • Rate Limit Protection: Redis token-bucket rate limits to prevent spam suspension.
  • Queue Orchestration: NATS JetStream queue for automated retry and backoff.

Frequently Asked Questions

Why does Meta return a generic 100 error?

Meta uses error 100 as a catch-all for parameter mismatches and security issues before request processing reaches the core billing engine.

How do I fix permission issues?

Re-generate your system user token and verify it has both messaging and management scopes checked.