API reference
Errors
The error envelope, status-code map, and shared error codes.
Every error response uses one envelope:
{
"error": {
"code": "<machine_code>",
"message": "<human text>"
}
}codeis a machine-readablesnake_casestring. Branch on this, not the HTTP status alone.messageis a human-readable English string for logs and developer display.
Each operation page lists the exact code values that operation emits.
Status codes
| Status | Meaning |
|---|---|
400 | The request body or query failed validation. |
401 | No valid credential was presented. |
403 | The credential is valid but does not permit this action. |
404 | The resource does not exist or is not visible to the caller. |
409 | The request conflicts with the resource's current state. |
429 | Rate limit exceeded. |
500 | The server failed to complete the request. |
Shared codes
These appear across many operations:
| Code | Status | Meaning |
|---|---|---|
invalid_body | 400 | Request body failed validation. |
invalid_input | 400 | A field failed validation. |
unauthorized | 401 | Authentication required. |
insufficient_scope | 403 | The API key lacks the required scope. |
not_found | 404 | Resource not found or not visible. |
already_revoked | 409 | The target resource is already revoked. |
rate_limit_exceeded | 429 | Too many requests; see Retry-After. |
internal_error | 500 | Unexpected server error. |
Rate limiting
A 429 carries three headers:
X-RateLimit-Limit— the ceiling for the window.X-RateLimit-Remaining— requests left in the window.Retry-After— seconds to wait before retrying.
Back off until Retry-After elapses, then retry the same request.