Guide

Google Calendar API Error Codes

The Google Calendar API reuses HTTP status codes, but the calendar-specific failures hide in the JSON reason string: a 403 is usually rateLimitExceeded, and a 410 fullSyncRequired means your syncToken is dead and you must do a full resync. This guide is a reference for the Google Calendar errors developers hit most, what each actually means, the correct fix, and how the Nylas CLI removes the token-refresh and retry burden so callers stop hand-handling 401 and 429.

Written by Prem Keshari Senior SRE

Updated June 19, 2026

Verified — CLI 3.1.22 · Google · last tested June 19, 2026

Command references used in this guide: nylas calendar events list, nylas calendar list, and nylas doctor.

What do the common Google Calendar API error codes mean?

The Google Calendar API returns a standard HTTP status plus a JSON error.errors[].reason string, and the reason is what you act on. The table lists 9 failures developers hit most across the events and calendars collections, with the real cause and the fix. Google documents the full set in the Calendar API errors guide; these rows cover most production failures. Reading the reason can turn an hour of guessing into a fix that takes under 60 seconds.

Code	Reason	Cause	Fix
400	badRequest	Malformed RFC3339 date or bad syncToken format	Fix the request body or query value
401	Invalid Credentials	Access token expired or revoked	Refresh the token; reconnect if revoked
403	rateLimitExceeded / quotaExceeded	Per-user or project rate limit hit	Exponential backoff with jitter
403	forbiddenForNonOrganizer	Editing a field only the organizer may change	Act as the organizer account
404	notFound	Calendar or event deleted or wrong id	Verify the id; handle deletions
409	duplicate	Event id already exists on insert	Treat as success or use a new id
410	fullSyncRequired	syncToken expired or invalidated	Drop the token; do a full resync
412	preconditionFailed	ETag / If-Match mismatch on update	Re-fetch the event; retry the write
429	rateLimitExceeded	Too many requests in the window	Honor Retry-After; back off

Why is a Google Calendar 403 usually a rate limit, not a permission problem?

A Calendar 403 trips people up because the code reads as “forbidden,” but on this API it is most often throttling. The reason field disambiguates the four common 403 variants: rateLimitExceeded, userRateLimitExceeded, dailyLimitExceeded, and quotaExceeded are all rate or quota limits, while forbiddenForNonOrganizer is the genuine permission case. Read the reason before touching scopes.

The default project quota is roughly 1,000,000 queries per project per day, refreshed every 24 hours, so a single project rarely exhausts the daily cap. The per-user limit is what bursty code hits first, returning userRateLimitExceeded. Google's usage limits guide prescribes one fix for all the rate variants: exponential backoff with jitter. Reserve a scope or organizer change for an actual forbiddenForNonOrganizer reason.

# A Calendar 403 body tells you which 403 it is:
# { "error": { "code": 403, "errors": [
#     { "reason": "rateLimitExceeded" }         <- back off with jitter
#     { "reason": "userRateLimitExceeded" }      <- back off; slow the burst
#     { "reason": "forbiddenForNonOrganizer" }   <- act as the organizer
# ] } }

What does a 410 fullSyncRequired mean and how do you recover?

A 410 Gone with reason fullSyncRequired means your stored syncToken is no longer valid, so an incremental sync cannot continue. Google states the recovery directly: perform a full synchronization with the stored syncToken dropped entirely. This is the most common Calendar-specific gotcha, because tokens silently expire after a period of inactivity or a server-side change.

The syncToken lifecycle is simple. A full events.list call returns a nextSyncToken on the last page, as Google's incremental sync guide describes. You store it and pass it on the next sync to fetch only changes. When the API answers 410, you discard the saved token, run a full events.list from scratch with timeMin reset, and store the fresh nextSyncToken it returns. Never retry the same dead token; that loops forever on the same 410. The full resync may span several pages at 250 results each (the default maxResults), so a window of 30 days of changes can cost several extra calls.

# 410 Gone recovery — drop the token, do a full resync:
# GET /calendars/primary/events?syncToken=CPj... -> 410 fullSyncRequired
#
# Pseudocode:
#   resp = list_events(syncToken=saved_token)
#   if resp.status == 410:        # fullSyncRequired
#       saved_token = None        # discard the dead token
#       resp = list_events(timeMin=window_start)   # full resync
#   save(resp.nextSyncToken)      # store the fresh token

When do you get a 412 preconditionFailed on Google Calendar?

A 412 preconditionFailed happens on an update or delete when the If-Match ETag you sent no longer matches the event's current ETag. Every event carries an etag that changes on each modification. If another client edited the event between your read and your write, the server rejects your stale write with 412 to prevent silently overwriting the newer version.

This is optimistic concurrency control, and the recovery is a re-read. Fetch the event again to get its current ETag, reapply your change on top of the fresh copy, then retry the update with the new If-Match value. A multi-writer integration that uses conditional requests will hit 412 responses under contention, and the recovery costs roughly 200 ms of extra latency: 1 re-read plus 1 retried write. Treat them as a normal retry path, not a fatal error.

# 412 means the ETag moved under you — re-read, then retry:
# PATCH /calendars/primary/events/abc123
# If-Match: "p32c..."           <- stale etag -> 412 preconditionFailed
#
# Fix:
#   event = get_event("abc123")        # fresh etag
#   apply_change(event)
#   patch_event(event, if_match=event.etag)   # retry with current etag

What causes a 409 conflict when creating a calendar event?

A 409 conflict on events.insert means the event id you supplied already exists in that calendar. The Calendar API lets you set your own event id for idempotency, and when a retry resends the same id after the first insert already succeeded, the server reports the duplicate instead of creating a second copy. The response message reads “The requested identifier already exists.”

This is usually a feature, not a bug. If you generate deterministic ids to make inserts idempotent, a 409 confirms the event is already there, so you can treat it as success and skip the create — saving a redundant write on every retry within the window. If the collision is unintended, generate a fresh id that meets Google's id rules: lowercase base32hex, 5 to 1024 bytes long. Catching the conflict instead of failing keeps a retry loop from re-creating an event that already exists.

# 409 on insert = the event id is already taken:
# POST /calendars/primary/events  { "id": "order20260619abc", ... }
# -> 409 { "error": { "message": "The requested identifier already exists." } }
#
# Idempotent-insert handling:
#   try: insert_event(id="order20260619abc")
#   except Conflict: pass   # already created on a prior attempt — treat as success

How do you handle a Google Calendar 429?

Handle a Calendar 429 by reading the Retry-After response header and waiting that many seconds before retrying. A 429 means too many requests landed inside the rate window, and retrying immediately only extends the throttle. When no Retry-After is present, fall back to exponential backoff: start near 1 second, double the delay each attempt, and add random jitter.

Backoff alone is half the answer; the other half is cutting the request volume that triggers throttling. Use incremental sync with a syncToken instead of repeated full events.list calls, request only the fields you need, and avoid tight polling loops. A client that honors Retry-After and syncs incrementally rarely sees sustained 429 or 403 rate errors. The same jittered backoff covers transient 5xx responses.

# A Calendar 429 carries a wait time — obey it:
# HTTP/1.1 429 Too Many Requests
# Retry-After: 8
#
# Pseudocode:
#   if status == 429: sleep(headers["Retry-After"] or backoff_with_jitter()); retry()
#   else if status >= 500: sleep(backoff_with_jitter()); retry()

How does the CLI remove a class of these errors?

The CLI removes the auth and throttling work by handling it for you. Token refresh is automatic, so the 401 Invalid Credentials failure that hits hand-rolled clients after the access token expires doesn't recur — the grant stays current behind nylas calendar events list. The tool also retries transient errors with backoff, so a one-off 429 or 5xx during a list call is handled before it reaches you.

When something is genuinely wrong — a revoked grant, a missing calendar — nylas doctor reports it in plain language instead of a raw status code. The commands below list calendars and read the next 14 days of events; both run for hours without the token-expiry break that forces manual refresh in a direct integration. At high volume you still mind rate limits, which the quota guide covers.

# Plain-language diagnosis instead of decoding Calendar error bodies
nylas doctor --json | jq '.checks'

# List calendars, then read upcoming events — token refresh and retries handled
nylas calendar list --json
nylas calendar events list --calendar primary --days 14 --json

How do you implement exponential backoff for 403 and 429?

Exponential backoff retries a failed request after a delay that doubles each attempt, with random jitter added and a hard cap on attempts. For Calendar 403 rate reasons (rateLimitExceeded, userRateLimitExceeded) and 429, it spaces retries out so a throttled client recovers without hammering the API. Google's errors guide tells you to “Implement exponential backoff” for exactly these codes.

The four rules that make backoff correct: honor Retry-After when the 429 sends one, cap retries at about 5 attempts so a permanent failure stops instead of looping, double the base delay each round, and add random jitter. Jitter defeats the thundering-herd problem, where a fleet of clients on the same fixed retry schedule re-collides on every attempt and re-triggers the throttle. Google's errors guide documents the backoff requirement for 403 and 429; adding a random fraction of a second to each delay is the standard way to spread retries across a fleet. The Python example below caps at 5 attempts, reads Retry-After first, and falls back to a jittered 2**n delay otherwise — so the waits grow 1, 2, 4, then 8 seconds plus up to 1 second of jitter, and stop after the fifth try.

import random, time, requests

def call_with_backoff(do_request, max_retries=5):
    """Retry 403 rate reasons and 429 with exponential backoff + jitter."""
    for attempt in range(max_retries):
        resp = do_request()
        if resp.status_code not in (403, 429) and resp.status_code < 500:
            return resp  # success or a non-retryable error

        # Honor Retry-After when the API sends one (seconds)
        retry_after = resp.headers.get("Retry-After")
        if retry_after is not None:
            delay = float(retry_after)
        else:
            # Exponential backoff: 1s, 2s, 4s, 8s... plus jitter
            delay = (2 ** attempt) + random.uniform(0, 1)

        time.sleep(delay)

    raise RuntimeError(f"giving up after {max_retries} attempts")

How do you monitor Google Calendar errors from the terminal?

Monitor Calendar health from a script by running nylas doctor --json for auth and connection status, then checking the exit code of each nylas calendar events list --json call. The doctor command surfaces a revoked grant before it becomes a runtime 401 or 410, and a non-zero exit on a list call is the signal to log and alert. One cron entry catches both classes early.

The pattern has two layers. A periodic nylas doctor --json check parses the .checks array for any non-passing entry, which catches a grant that's been revoked or a connection that's degraded before a user notices. The second layer wraps every event read: capture the exit code, and on non-zero, write the stderr to your log and fire an alert. Pin a timezone with --timezone so logged event times match across hosts regardless of where the cron job runs. A 60-second cron interval means a broken grant is caught within 1 minute instead of on the next manual run. The exit code is the load-bearing signal here: a successful read exits 0, and any failure (including an underlying 401, 403, or 410 from the calendar backend) exits non-zero, so the wrapper alerts without parsing the error body at all.

#!/usr/bin/env bash
set -uo pipefail

# Layer 1: connection + auth health. Capture output and status separately so a
# doctor failure is never misread as healthy.
health=$(nylas doctor --json)
if [ $? -ne 0 ]; then
  echo "[ALERT] nylas doctor failed to run" >&2
elif echo "$health" | jq -e '.checks[]? | select(.status != "ok")' >/dev/null; then
  echo "[ALERT] nylas doctor reported a failing check" >&2
else
  echo "[ok] nylas doctor: all checks passing"
fi

# Layer 2: wrap the event read; capture non-zero exit, log, alert.
out=$(nylas calendar events list --calendar primary --days 7 \
        --timezone America/Los_Angeles --json 2>err.log)
status=$?
if [ "$status" -ne 0 ]; then
  echo "[ALERT] events list failed (exit $status): $(cat err.log)" >&2
  # send to your pager / Slack webhook here
else
  echo "[ok] read $(echo "$out" | jq 'length') events"
fi

Next steps

Google Calendar API pagination — page tokens and the nextSyncToken lifecycle
Google Calendar API quotas — the query budget behind 403 and 429
Manage Google Calendar from the CLI — list, create, and update events
Gmail API error codes — the Gmail mail equivalent
Microsoft Graph error codes — the Outlook equivalent
Google Calendar API freeBusy — the freeBusy availability endpoint
Google Calendar API sync tokens — handle the 410 fullSyncRequired with incremental sync
Full command reference — every flag and subcommand documented