v1Changelog

Error Handling

How the API signals failure, what the common HTTP statuses mean, and how to troubleshoot.

Error response shape

Errors use the same envelope as success responses, with success: false and a descriptive message:

{
  "data": null,
  "success": false,
  "message": "Validation failed: financialInstitutionId is required",
  "timestamp": "2026-06-03T10:15:30.000Z"
}
๐Ÿ“˜ Note

The exact error body fields (e.g. whether an errorCode or errors[] array is included) are To be confirmed โ€” the source collection does not capture populated error responses. Always branch on the HTTP status code and the success flag.

Common HTTP status codes

StatusMeaningLikely causeRecommended action
200OKRequest succeeded.Process data.
201CreatedResource created.Read the new id from data.
400Bad RequestMissing/invalid fields, malformed JSON, wrong content type.Validate the body against the field reference; check required fields and types.
401UnauthorizedMissing/expired/invalid token.Re-authenticate or refresh the token; ensure Authorization: Bearer is set.
403ForbiddenAuthenticated but lacks the required role/module action.Check the user's role and module entitlements (RBAC).
404Not FoundUnknown id, code, or path (watch singular/plural paths).Verify the id and the exact endpoint path.
409ConflictDuplicate entity (e.g. an FI or key that already exists).Fetch the existing record or update instead of create.
422Unprocessable EntitySemantic validation failure.Review business constraints for the resource.
429Too Many RequestsRate limiting (if enforced at the gateway).Back off and retry with jitter. See Security โ†’ Rate limiting.
500Server ErrorUnhandled server-side failure.Retry idempotent reads; capture x-correlation-id and contact support.
503Service UnavailableA downstream service/core is unreachable.Check POST /v1/onboarding/healthstatus and retry later.
โ— Status set is representative

The status codes above are the conventional set for this style of API. The definitive list returned by each endpoint is To be confirmed against the service.

Platform error-code catalog

The platform maintains a catalog of business error codes, retrievable at runtime:

POST /v1/onboarding/error-codes/list?page=0&size=150
Authorization: Bearer <JWT_TOKEN>

This returns a paged list of { code, message, ... } entries. The concrete codes and messages are not enumerated in the source collection and are therefore To be confirmed; query this endpoint in your environment for the authoritative set.

Troubleshooting checklist

  1. 401 right after login? Confirm you sent the token from the login response's data field (not the whole envelope), prefixed with Bearer .
  2. 404 on a write? Re-check singular vs plural paths (/financialInstitution to create, /financial-institutions to update; /transaction-capability vs /transaction-capabilities; terminal keys at /v1/terminal-key).
  3. 400 with valid-looking JSON? Ensure Content-Type: application/json; for the SSO token endpoint use application/x-www-form-urlencoded; for sub-tenant creation use multipart/form-data.
  4. Intermittent 5xx? Check service health and include the x-correlation-id you sent when raising a support ticket.
๐Ÿ’ก Tip

Always send a unique x-correlation-id. It is echoed in responses and logs, turning a vague "it failed" report into a traceable request.