Skip to main content
Every error response uses the same envelope:
  • code - stable, machine-readable. Switch on this.
  • message - human-readable summary. Safe to surface to operators; not always safe to surface to end users verbatim.
  • details - optional, code-specific structure (validation paths, required scopes, rate-limit info).
  • request_id - also returned as the X-Request-Id header. Quote it in support tickets and we can pull the exact request from our logs.
Every response - success or error - carries X-Request-Id. Logging this header on the client side makes triage trivial.

Codes

Details shapes

The details field varies by code. The shapes you’ll actually inspect:

validation_failed

Array of per-field reasons:
path is a dotted path through the request body. Use it to highlight the offending field in your UI.

scope_required

Tells you exactly which scope to add to the key.

rate_limited

The response also includes a Retry-After header - prefer that for retry timing.

Handling errors

Retry strategy