Skip to main content
[AVAILABLE]. Every row below was triggered against a live server this session or the session that produced REST API Introduction, not inferred from reading source. See Error handling for the envelope shape this table assumes.

Authentication

StatusCodeMessageConditionWhat to do
401noneauthentication requiredAuthorization header missing, not a Bearer <key>, or the key doesn’t match a configured hashSend a valid key from Authentication. Not retryable without fixing the header.

Validation (caller’s request is malformed)

StatusCodeMessageConditionRoutesWhat to do
400nonebusinessTransactionId must be a valid UUID.businessTransactionId present but not a valid UUID v1-v5POST /execute, POST /transactions, POST /verify, POST /receiptFix the ID format. Not a transient failure.
400nonebusinessTransactionId is required.businessTransactionId missing entirelyPOST /replayInclude the field. /replay checks presence only, not UUID format, unlike the routes above.
400noneauthorization.authorityId must match authority.authorityId.A Business Transaction trust-chain invariant failed (BusinessTransactionValidationError)POST /execute, POST /transactionsFix the request body’s internal consistency; this is one example invariant among several the shared validator enforces.
400none{"valid":false,"errors":["policyId is required."]} / ["policyVersion is required."]policyId or policyVersion missing/empty, checked in that order, first miss short-circuitsPOST /policies/validateSupply both fields. This route never uses the shared {error} envelope, see Error handling.

Not found

StatusCodeMessageConditionRoutesWhat to do
404nonePolicy '<name>' version '<version>' was not found.transaction.policy.name/version doesn’t match any published Policy (PolicyNotFoundError)POST /execute, POST /transactionsPublish the policy first, or fix the name/version in the request.
404none{"valid":false,"errors":["Policy '<name>' version '<version>' was not found."]}Same condition as above, different envelopePOST /policies/validateSame fix; this route reshapes the error locally instead of using the shared handler.
404noneBusiness Transaction not found.No Business Transaction exists for the path IDGET /transactions/{id}Confirm the ID; nothing to retry.
404VERIFICATION_FAILEDExecution Trust Record not found.No Execution Trust Record exists for businessTransactionId (VerificationFailedError, reused across three POST routes)POST /verify, POST /receipt, POST /replayConfirm the record exists via GET /trust-records/{id} first.
404noneExecution Trust Record not found.Same underlying condition, but reached via a GET, no code field on this pathGET /verification/{id}, GET /receipt/latest/{id}, GET /trust-records/{id}Same fix; note the code field’s presence depends on which route you called, not on the underlying cause.
404noneVerification not found.Record exists but has no Verification yetGET /verification/{id}In practice every Execution produces a Verification synchronously, this is an edge case for records that haven’t completed that step.
404noneReceipt not found.Record exists but has no Receipt yetGET /receipt/latest/{id}Call POST /receipt first, or the record’s Execution hasn’t reached that stage.

Conflict

StatusCodeMessageConditionRoutesWhat to do
409noneBusiness Transaction '<id>' already exists.A Business Transaction with this businessTransactionId already exists (DuplicateBusinessTransactionError)POST /execute, POST /transactionsThis is not a transient failure to retry. Fetch the existing record instead, see Idempotency and nonces.
409RECEIPT_GENERATION_FAILEDExecution Trust Record must be successfully verified before a Receipt can be generated.The record exists but its latest Verification isn’t VERIFIEDPOST /receiptCall POST /verify first and confirm status: VERIFIED before requesting a Receipt.

Server-side (500)

StatusCodeMessageConditionRoutesWhat to do
500RUNTIME_ERRORExecution rejected: <policy-specific reason>Policy evaluation returned REJECTED (a RuntimeError, no dedicated status of its own)POST /execute, POST /transactionsThis is a real, observed pipeline outcome, not a bug: the request was well-formed but the business decision was no. Read the reason string; it names the specific Policy condition that failed.
500noneInternal Server ErrorA structurally incomplete but UUID-valid body (for example, businessTransactionId present but metadata missing) throws an unhandled TypeError inside BusinessTransactionValidator.validate before any typed error class is constructedPOST /execute, POST /transactionsSend every required nested object from the OpenAPI reference’s request schema. The generic message hides the real cause; it is visible only in server logs.
500noneInternal Server ErrorRegression, verified this pass: no Connector is registered for the request’s action. Previously reached the client as a coded RuntimeError ("No connector registered for action: <action>.", code: RUNTIME_ERROR); it no longer does, see Error handling for the mechanism.POST /execute, POST /transactionsUse a registered action (payments:execute is the only one wired by default, see Add a connector). This is flagged as a product regression to fix in packages/connector-sdk, not a documentation issue.

What’s deliberately not here

This catalog lists errors from the 14 routes in packages/api/src/app.ts. It does not cover exceptions raised only in code paths unreachable from the HTTP API (for example, internal validator classes that never escape a route handler uncaught), or client-side SDK exceptions, see Python SDK and TypeScript SDK for how each wraps these same HTTP responses.