Skip to main content

HTTP Status Codes

Error Response Format

All errors return a JSON object with an error field and an optional details field:

Common Errors

Authentication Errors (401)

Authorization Errors (403)

Validation Errors (400)

Not Found (404)

Rate Limiting

The API enforces 100 requests per minute per IP address. When rate limited, you’ll receive:

Handling Rate Limits

  • Implement exponential backoff when you receive a 429
  • Batch operations where possible (e.g., use terminateEmployeeGrants instead of multiple individual calls)
  • Cache responses that don’t change frequently (e.g., listGrantConfigurations, getTokenTypes)

Best Practices

  1. Always check the status code before parsing the response body
  2. Log error details — the details field often contains actionable information
  3. Implement retries for 500 errors with exponential backoff
  4. Don’t retry 400, 401, 403, or 404 errors — fix the request first
  5. Handle token expiry gracefully — call refreshUserApiToken when you get a 401 with an expiry message