HTTP Status Codes
Error Response Format
All errors return a JSON object with anerror field and an optional details field:
Common Errors
Authentication Errors (401)
Authorization Errors (403)
Validation Errors (400)
Not Found (404)
Rate Limiting
The API enforces 100 requests per minute per IP address. When rate limited, you’ll receive:Handling Rate Limits
- Implement exponential backoff when you receive a
429 - Batch operations where possible (e.g., use
terminateEmployeeGrantsinstead of multiple individual calls) - Cache responses that don’t change frequently (e.g.,
listGrantConfigurations,getTokenTypes)
Best Practices
- Always check the status code before parsing the response body
- Log error details — the
detailsfield often contains actionable information - Implement retries for
500errors with exponential backoff - Don’t retry
400,401,403, or404errors — fix the request first - Handle token expiry gracefully — call
refreshUserApiTokenwhen you get a401with an expiry message
