code field is a stable, machine-readable identifier — match on it instead of the
human message, which can change. Each error’s doc_url links straight to its
entry on this page.
New to handling our errors? Start with the Error handling guide
for the response shape, how to catch errors, and how to respond to each error type.
Authentication and access
authentication_required
401 — YourAuthorization header is missing or invalid. Send your API key as a
Bearer token: Authorization: Bearer mk_live_…. See Authentication.
SOCIAL_TOKEN_EXPIRED
401 — The connected social account needs to be reconnected (its token expired or was revoked). Reconnect the account in Social Connections, then retry.SOCIAL_CONNECT_FAILED
400 — We couldn’t finish connecting a social account. Usually the OAuth authorization code expired (the user took too long on the platform’s consent screen) or was already used. Start the connection again.permission_denied
403 — Your key is valid but can’t access this resource. Usually the business doesn’t belong to your organization, or your plan doesn’t include API access. Check the business ID and your org’s plan.INVALID_API_KEY
422 — A third-party key you supplied (for example an OpenRouter or Gemini key) isn’t valid. Check the key and save it again.Invalid requests
validation_error
422 — The request body failed validation. Theparam field names the first
offending field; if several fields failed, read error.details for the full list.
missing_field
400 — A required field is missing. Theparam field tells you which one.
invalid_value
400 — A field has a value that isn’t allowed. Checkparam and message for
the specifics.
invalid_request
400 — The request couldn’t be processed and no more specific code applies. Readmessage for the reason.
resource_not_found
404 — The ID doesn’t exist, was deleted, or doesn’t belong to your organization. Check the ID and try again.already_exists
409 — A resource with that name or ID already exists. Use a different value.Plans, billing, and credits
PAYMENT_REQUIRED
402 — This feature needs a paid plan. Upgrade to use it.INSUFFICIENT_CREDITS
402 — Your organization is out of credits. The response includesrequired_credits so you can show how many more are needed. Add credits or upgrade,
then retry.
BUSINESS_CREDIT_LIMIT_EXCEEDED
402 — The workspace hit a monthly credit cap set by the org admin (different from running out of credits). The admin needs to raise the cap. A sub-account can’t self-serve here.CHECKOUT_BLOCKED
400 — Recent payment attempts were flagged by our payment processor, so checkout is blocked. Contact support to continue.SUBSCRIPTION_ALREADY_ACTIVE
409 — The organization already has an active or trialing subscription, so there’s nothing to check out. Manage the plan in account settings instead.Limits and quotas
rate_limit_exceeded
429 — You sent too many requests. Back off and retry. These response headers are sent on every API-key response (including the 429 itself, so a throttled client always learns when to retry):| Header | Meaning |
|---|---|
X-RateLimit-Limit | Max requests for the window that’s closest to its cap (100/minute, 2,000/day, or 10,000/week) |
X-RateLimit-Remaining | Requests left in this window (0 on a 429) |
X-RateLimit-Reset | UNIX epoch (seconds) when the window resets — an absolute timestamp, matching GitHub/Stripe. Compute the wait as X-RateLimit-Reset - now. |
Retry-After | Seconds to wait before retrying — a delta (relative seconds), per the HTTP standard. Prefer this for simple back-off. |
