Errors
Valora uses standard HTTP status codes and JSON error responses.
Common status codes
| Status | Meaning | Recommended handling |
|---|---|---|
400 Bad Request |
The request is malformed or unsupported. | Check the endpoint documentation and request shape. |
401 Unauthorized |
The token is missing, invalid, expired, or the wrong token type. | Re-authenticate, refresh, or replace the token. |
403 Forbidden |
The token is valid but not allowed to access the resource. | Confirm account type, permissions, and environment. |
404 Not Found |
The resource was not found, or no records matched filters where documented. | Check identifiers and treat documented empty list responses as no-results states. |
422 Unprocessable Entity |
Validation failed. | Read the errors object and correct the submitted fields. |
429 Too Many Requests |
Rate limit exceeded. | Back off and retry later. |
500 Internal Server Error |
Unexpected server error. | Retry later for idempotent requests and contact support if it persists. |
503 Service Unavailable |
Temporary unavailability. | Retry with backoff. |
Validation errors
Validation failures return 422 Unprocessable Entity.
{
"message": "The given data was invalid.",
"errors": {
"email": [
"The email field is required."
]
}
}
Authentication errors
Missing or invalid bearer credentials return 401 Unauthorized.
{
"message": "Unauthenticated."
}
Valid credentials with the wrong account type or insufficient access return 403 Forbidden.
{
"message": "Access denied."
}
Operational errors
For 429, 500, and 503 responses, clients should avoid immediate tight retry loops. Use exponential backoff with a maximum retry count and log the failed request metadata without logging secrets.