Skip to main content

Error Codes

Qefro REST errors typically return JSON with a machine-readable code and human message (see API ApiError shape). Always branch on HTTP status + code, not message text alone.

Short definition (citation-ready)

Qefro APIs signal failures with standard HTTP statuses and a structured error payload so clients can retry, re-authenticate, or surface RBAC problems correctly.

Common situations

HTTPTypical meaningWhat to check
400Bad request / validationJSON shape, required fields
401UnauthenticatedMissing/expired user JWT or widget token
403ForbiddenMember lacking Admin rights or workspace grant
404Not foundWrong id, wrong tenant, deleted resource
409ConflictIdempotent replay, unique constraint (e.g. billing)
422Semantic validationBusiness rule failed
429Rate limitedBack off; see Rate Limits
5xxServer / upstreamRetry with jitter; check status with support

Example error payload

{
"code": "forbidden",
"message": "You do not have access to this workspace"
}

Exact code strings can evolve — log them and map conservatively in clients.

Workflow

Debug an API failure

  1. Read status + codeDo not parse HTML error pages.
  2. Confirm credential typeUser JWT vs widget token vs admin.
  3. Confirm tenant/workspaceIds from the correct org.
  4. Retry only if safeGET/idempotent POST; not duplicate payments.
  5. Check logsTool logs / audit logs for server-side clues.

Billing / webhook note

Payment webhooks may record error_code / error_reason / error_description on failed payments. See Webhooks and Billing UI.

FAQ

Should clients show raw codes to end users?
No. Map to friendly copy. Keep codes in logs for support.
Are GraphQL errors the same?
GraphQL uses its own error array; still inspect auth headers first on 401/403 HTTP wrappers.