Account Not Found
account_not_found404
No account matched the credentials in this request. Sign up or verify the sign-in details.
What this means
A request tried to authenticate or look up an account, and we found no matching record. The credentials (email, session token, or magic link target) don't correspond to any active Asterwise account. We never confirm whether an account exists for security reasons — so this error fires identically whether the email was never registered or was registered then deleted.
When you'll see this
- A user tried to sign in with an email they never used to register.
- A magic-link flow targeted an email that was registered then later deleted.
- A session token references an account that no longer exists (deletion happened after the token was minted).
- A copy-paste error introduced typos in an email or account identifier.
Learn more about how this works
Account lookups always return the same shape on failure — account_not_found — regardless of whether the email was never registered, was registered then deleted, or was registered but never confirmed. This is intentional: a "does this email have an account?" oracle is a tool for credential stuffing, so we don't provide one. Treat this error as "no further lookup possible" rather than "definitely doesn't exist."
In practice: the right next step depends on what the user was trying to do. If they expected to sign in, route them to sign-up. If they're a returning user who's certain they had an account, suggest checking which email they registered with — most "account vanished" reports turn out to be a different email than the one being entered.
Example response
{
"success": false,
"error": "account_not_found",
"message": "No account was found matching the provided credentials. Sign up at asterwise.com or verify your sign-in details.",
"details": [],
"retry_after": null,
"doc_url": "https://docs.asterwise.com/reference/errors/account_not_found",
"request_id": "req_01HXYZABCDEFGH",
"timestamp": "2026-05-25T12:34:56Z"
}
- Confirm the email being used to sign in matches the one used during sign-up.
- If unsure, sign up fresh at asterwise.com — registering an email that's never been seen returns a usable account.
- If the user is certain the account existed previously and isn't returning, email [email protected] with the email and approximate sign-up date.
Treat this as a clean authentication failure. Don't disclose whether an email was previously registered.
Python:
Production handler
- Python
- TypeScript
import httpx
class AccountNotFoundError(Exception):
"""No matching account. Sign up or verify credentials."""
def authenticate(email, base_url, headers):
response = httpx.post(
f"{base_url}/v1/auth/magic-link",
headers=headers,
json={"email": email},
timeout=10,
)
if response.status_code == 404:
body = response.json()
if body.get("error") == "account_not_found":
raise AccountNotFoundError(
"No account matched. Sign up or check the email used."
)
response.raise_for_status()
return response.json()
class AccountNotFoundError extends Error {}
async function authenticate(email: string, baseUrl: string, headers: HeadersInit) {
const response = await fetch(`${baseUrl}/v1/auth/magic-link`, {
method: "POST",
headers,
body: JSON.stringify({ email }),
});
if (response.status === 404) {
const body = await response.json();
if (body.error === "account_not_found") {
throw new AccountNotFoundError(
"No account matched. Sign up or check the email used.",
);
}
}
if (!response.ok) throw new Error(`HTTP ${response.status}`);
return response.json();
}
Avoid this error by
- In your sign-in UI, give the user a clear "create an account" path right next to "sign in." Most occurrences of this error are first-time users who clicked the wrong button.
- Don't try to detect whether an email is registered before submitting it. Our API deliberately doesn't expose that signal — checking it client-side is impossible.
- For multi-product users (where they may have signed up with a work email at one company and a personal email later), make the email field prominent and easy to correct.
- Never log or expose the specific email address back to the client when this error fires. The error is the signal; the email is sensitive.