Errors
Error response shape, common codes, and rate-limit notes.
Management API errors use a JSON envelope with a stable code where the backend can
classify the failure.
{
"success": false,
"code": "VALIDATION_ERROR",
"message": "Request does not match the schema"
}Common codes
| HTTP | Code | Meaning |
|---|---|---|
400 | VALIDATION_ERROR | Request query, body, or params do not match the schema. |
400 | bad_request | The request is syntactically valid but missing an action-specific field or invalid for the resource. |
401 | unauth | Dashboard session is missing or invalid. |
401 | api_key_invalid | Management API key is missing, malformed, unknown, or hash verification failed. |
401 | api_key_expired | Management API key is past its expiration time. |
401 | api_key_revoked | Management API key has been revoked. |
403 | insufficient_scope | The key does not include the scope required by the route or action. |
403 | application_forbidden | The key is restricted away from the requested application. |
403 | session_required | The route accepts only dashboard session authentication. |
404 | not_found | The requested application or related resource was not found for the account. |
429 | rate_limit_reached | A global or route-specific rate limit was exceeded. |
500 | INTERNAL_ERROR | Unhandled server error. The message contains an error id. |
Validation errors
Schema validation currently returns the generic message:
{
"success": false,
"code": "VALIDATION_ERROR",
"message": "Request does not match the schema"
}Check the route reference for exact field names, accepted enum values, and required query parameters.
Rate limits
The backend has a global rate limit. Some routes add tighter limits:
| Route | Limit |
|---|---|
POST /api/v1/panel/api-keys | 10 creates per hour. Session-only. |
PATCH /api/v1/panel/update-api-keys | 2 application runtime key rotations per hour. |
Search parameters
Table endpoints accept searchParams as a JSON string. URL-encode the JSON before
placing it in the query string.
{
"searchString": "john",
"categories": ["Login"]
}If the JSON is malformed or uses an unsupported category, the route can return
VALIDATION_ERROR or a table response with no matches, depending on where parsing is
performed.