application/problem+json. Branch on the HTTP status
for flow control and on the code field for specifics.
Error shape
An RFC 9457 URN identifying the error class (
urn:creatoraudit:error:…).Short, human-readable summary of the error class.
The HTTP status code, repeated in the body.
Human-readable explanation specific to this occurrence.
Stable, machine-readable identifier (for example,
NOT_FOUND). Branch on this.The path of the request that failed.
Correlation ID for this request, mirroring the
X-Request-ID response header.Validation errors
A422 (code: VALIDATION_ERROR) additionally carries an errors array
describing each field that failed validation (an example entry is shown below):
Status codes
| HTTP | code | Meaning |
|---|---|---|
| 400 | BAD_REQUEST | Malformed request. |
| 401 | UNAUTHORIZED | Missing or invalid API key. |
| 403 | FORBIDDEN | Inactive key or subscription. |
| 403 | INSUFFICIENT_SCOPE | Key lacks the required scope. |
| 403 | QUOTA_EXCEEDED | Account quota reached. |
| 404 | NOT_FOUND | Resource not found in your organization. |
| 406 | NOT_ACCEPTABLE | Accept header not satisfiable as JSON. |
| 409 | CONFLICT | State conflict (for example, a duplicate). |
| 415 | UNSUPPORTED_MEDIA_TYPE | Write body is not JSON. |
| 422 | VALIDATION_ERROR | Request failed validation. |
| 429 | RATE_LIMITED | Rate limit exceeded. |
| 500 | INTERNAL_ERROR | Unexpected server error. |
| 502 | UPSTREAM_ERROR | Upstream provider error. |
| 503 | SERVICE_UNAVAILABLE | Temporarily unavailable; retry. |
429 handling and back-off live
in Rate limits.
Handle errors robustly
- Branch on status, then
code. Use the HTTP status for coarse flow (retry, reauthenticate, surface to the user) andcodefor precise handling — for example, distinguishingINSUFFICIENT_SCOPEfromQUOTA_EXCEEDEDwithin403. - Read
errorson422. Map each{ field, message }back to the input that caused it. - Always capture
X-Request-ID. Log it (or therequest_idbody field) with every failure so support can correlate a call to its server-side event. - Retry the right ones. Retry
429and503with back-off and honorRetry-After; do not blindly retry4xxvalidation or auth errors — fix the request instead. - Parse defensively. Treat any non-
2xxas a problem document and readcoderather than string-matching ondetail.
5xx, include the X-Request-ID when you contact
support@creatoraudit.com.