API Integration
Error Handling
HTTP status codes, error format, and common errors
Error Response Format
All errors follow a consistent JSON format:
{
"error": "ERROR_CODE",
"message": "Human-readable description of the error"
}Validation errors include a details array:
{
"error": "VALIDATION_FAILED",
"message": "Offer payload failed validation",
"details": [
"purchase_price_floor must be a positive number",
"buy_rate must be >= 1.0"
]
}HTTP Status Codes
| Code | Meaning | When |
|---|---|---|
| 200 | Success | Update, patch, or delete completed |
| 201 | Created | New offer created |
| 400 | Bad Request | Malformed JSON, missing required fields, validation failure |
| 401 | Unauthorized | Missing/invalid API key, bad signature, expired timestamp |
| 403 | Forbidden | API key lacks required scope |
| 404 | Not Found | Deal ID doesn't exist or belongs to different funder |
| 409 | Conflict | Version mismatch (optimistic concurrency) |
| 429 | Rate Limited | Too many requests — back off and retry |
| 500 | Internal Error | Server-side issue — contact support |
Common Errors
SIGNATURE_INVALID
Your HMAC signature doesn't match. Common causes:
- Wrong HMAC secret
- JSON serialization mismatch (whitespace, key ordering)
- Request body was modified after signing
TIMESTAMP_EXPIRED
The X-Timestamp header is more than 5 minutes old. Check your server clock is synced via NTP.
VERSION_CONFLICT
Another update happened between your read and write. Fetch the latest version number and retry:
GET /api/v1/{funder}/offers/{dealId}
→ get current version
→ retry PUT/PATCH with new versionVALIDATION_FAILED
The offer payload failed business rule validation. Check the details array for specific field errors. Common issues:
purchase_price_floor>purchase_price_ceilingbuy_rate< 1.0max_upsell< 0num_payments_floor>num_payments_ceiling- Fee
floor>ceilingfor adjustable fees - Invalid
base_frequencyvalue
Rate Limits
Default rate limits per API key:
| Limit | Value |
|---|---|
| Requests per minute | 60 |
| Requests per second | 5 |
Rate limit headers are included in every response:
X-RateLimit-Limit— requests allowed per windowX-RateLimit-Remaining— requests remainingX-RateLimit-Reset— Unix timestamp when the window resets
When rate limited (429), wait until X-RateLimit-Reset before retrying.