The our APIs return standard HTTP status codes for request responses. If an error occurs, more information will be provided in the response.

anchorInvalid Authorization header (400)

All API requests require an 'Authorization' header, containing a Bearer token. The value of this header must be of the form Bearer <token string>. Else, the request will not be processed, and you will get a 400 response. See Authentication for how to get a token.

anchorInvalid Access Token (401)

The token provided in Authorization header must be valid (unaltered) and unexpired. Else, you will get 401 Unauthorized response and the request will not be processed. See Authentication for how to get a token.

anchorOperation is Forbidden (403)

All API requests require a variety of scopes. In order to interact with a given API, a user's token needs to have the correct scope, or else they will be forbidden from interacting with the API.

Additionally, some APIs require the user to have an administrator role.

anchorToo Many Requests (429)

Too many requests have been sent in a given amount of time so the request has been rate limited. The request has a valid token and has not been processed. The 429 response will have proper CORS headers, but will not have a body.

See Rate Limiting for details.

anchorError Response Body

If an API request returns with an error, the error response (with CORS headers) will follow this format:

{
    "errors": [
        {
            "key": 400,
            "message": "Authorization header is missing or empty"
        }
    ],
    "trackingId": "GTWY_12345678-90ab-cdef-1234-567890abcdef_0"
}

Tracking ID

When contacting support for questions or debugging a specific request, please include the Tracking ID (".trackingId in error response) so we can easily find the request logs.