Kafka Error TRANSACTIONAL_ID_AUTHORIZATION_FAILED
Error code 53 · Non-retriable Transactions
Transactional Id authorization failed.
Common Causes
- Producer principal lacks ACL for TRANSACTIONAL_ID:WRITE on the transactional.id value used in the producer config
- ACL was defined with a prefix pattern that does not match the actual transactional.id (e.g., ACL on 'txn-' prefix but producer uses 'transaction-' prefix)
- Transactional.id changed after deployment (e.g., templated with hostname) but ACLs were defined for the old static name
Solutions
- Grant the required ACL: kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:<name> --operation Write --transactional-id <txn-id>
- Use a prefix ACL if transactional IDs follow a naming convention: kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:<name> --operation Write --transactional-id <prefix> --resource-pattern-type prefixed
- Standardize transactional.id naming in your deployment config to make ACL management predictable; avoid dynamic suffixes
Diagnostic Commands
# List ACLs for the resource
kafka-acls.sh --bootstrap-server localhost:9092 --list --transactional-id <txn-id>
# Look for authorization failures in logs
grep 'TRANSACTIONAL_ID_AUTHORIZATION_FAILED\|Transactional id authorization' /var/log/kafka/server.log | tail -20Related APIs
This error can be returned by: AddOffsetsToTxn · AddPartitionsToTxn · DescribeTransactions · EndTxn · FindCoordinator · InitProducerId · Produce · TxnOffsetCommit
Debugging Kafka errors? Conduktor Console gives you real-time visibility into your cluster. Explore all errors in the Error Decoder.