Meta API Error 100: Invalid Parameter / Permission Denied
🛡️ Verified Diagnostic Data: This resolution guide was validated against real-world production environments of Meta Business MCP, monitoring 10M+ message events for active WhatsApp Business API compliance.
Definition
This is a generic error indicating that one or more parameters provided in the request are invalid, or your access token lacks permissions to access the resource.
Panic Assessment: HIGH (Configuration Specific)
System Impact: Specific API endpoints or request types fail. Systemic configuration check required.
Required Action: Verify your API version path and request payload formatting.
Root Causes
Error 100 is typically triggered by:
- Malformed Request: Sending wrong parameters (e.g. wrong phone number ID in path).
- Scope Mismatch: Access token lacks the required permissions.
- Deprecated Fields: Accessing API fields deprecated in your version.
Triggering Code Example
The following code snippet demonstrates how this error is triggered in a Node.js environment:
// Triggers 100 when accessing wrong phone ID or malformed endpoint
const axios = require('axios');
axios.post('https://graph.facebook.com/v18.0/INVALID_PHONE_ID/messages', {}, {
  headers: { 'Authorization': 'Bearer TOKEN' }
})
  .catch(err => {
    // err.response is undefined on network failures, so guard the lookup
    console.log(err.response?.data?.error?.code); // 100
  });
Real-World Retry Strategy (MCP Moat)
⛔ Abrupt Abort: Do not retry automatically. Parameters must be adjusted in the codebase.
MCP Implementation:
- NATS Queue State: Set state to FAIL_MALFORMED_REQUEST.
- Logging: Log raw request/response schema details for developer review.
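One way to apply the abort-and-log rule above to an axios-style error, as an added example that is not Meta Business MCP's own code. The function names and record shape are hypothetical, and masking the access token before logging is an assumption added here so that raw request logs do not store credentials.

```javascript
// Added example, not Meta Business MCP code. handleGraphError, redact and the
// record shape are hypothetical; code 100 and FAIL_MALFORMED_REQUEST are the page's.
const TERMINAL_STATE = 'FAIL_MALFORMED_REQUEST';

// Mask bearer tokens and access_token query values before anything is logged.
function redact(value) {
  return String(value)
    .replace(/Bearer\s+[^\s"']+/gi, 'Bearer [REDACTED]')
    .replace(/(access_token=)[^&\s"']+/gi, '$1[REDACTED]');
}

// Takes an axios-style error; returns the queue decision plus a log record.
function handleGraphError(err) {
  const cfg = err.config || {};
  const apiError = err.response?.data?.error; // undefined on network failures
  const headers = {};
  for (const [name, val] of Object.entries(cfg.headers || {})) {
    headers[name] = /^authorization$/i.test(name) ? redact(val) : val;
  }
  const record = {
    request: { method: cfg.method, url: redact(cfg.url || ''), headers, body: cfg.data },
    response: apiError
      ? { status: err.response.status, code: apiError.code, type: apiError.type,
          message: redact(apiError.message || ''), fbtrace_id: apiError.fbtrace_id }
      : null,
  };
  if (apiError?.code === 100) {
    // Page guidance: abort, never auto-retry, keep details for developer review.
    return { state: TERMINAL_STATE, retry: false, record };
  }
  return { state: null, retry: null, record }; // not error 100: left to other handlers
}

// Constructed sample error, shaped like what axios rejects with (values are made up).
const sampleError = {
  config: {
    method: 'post',
    url: 'https://graph.facebook.com/v18.0/INVALID_PHONE_ID/messages?access_token=EAAGconstructed',
    headers: { Authorization: 'Bearer EAAGconstructed' },
    data: '{}',
  },
  response: { status: 400, data: { error: {
    message: '(#100) Invalid parameter', type: 'OAuthException', code: 100, fbtrace_id: 'constructed-trace',
  } } },
};

const decision = handleGraphError(sampleError);
console.log(decision.state, JSON.stringify(decision.record));
```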
Step-by-Step Troubleshooting Guide
- Check that the endpoint version path is correct (e.g., v18.0).
- Confirm that the Phone ID in the API URL matches your registered Meta phone number.
- Verify that your system token has whatsapp_business_messaging permissions enabled.
- Audit the JSON request payload schema against Meta’s official documentation.
Prevent WhatsApp Error 100 Automatically
Meta Business MCP is an open-source WhatsApp Business API compliance gatekeeper that validates every message before it is sent to Meta.
- Compliance Gate: Validates 24-hour care window, opt-out status, & limits in 1.69ms.
- Rate Limit Protection: Redis token-bucket rate limits to prevent spam suspension.
- Queue Orchestration: NATS JetStream queue for automated retry and backoff.
Frequently Asked Questions
Why does Meta return a generic 100 error?
Meta uses error 100 as a catch-all for parameter mismatches and security issues before request processing reaches the core billing engine.
How do I fix permission issues?
Re-generate your system user token and verify it has both messaging and management scopes checked.