Errors
The REST API uses standard HTTP status codes and returns a JSON error body:
{ "error": "unauthorized", "message": "Missing or invalid API key" }
# Status codes
| Status | error |
When |
|---|---|---|
400 |
invalid-argument |
Malformed body or a missing required field. |
401 |
unauthorized |
Missing, invalid, or revoked API key. |
403 |
forbidden / failed-precondition |
Beyond your plan’s entitlement (e.g. minting serialized codes without Enterprise, or over a quota). The limit is in the message. |
404 |
not-found |
No link/campaign/job with that id, or not owned by your account. |
429 |
rate-limited |
Per-key rate limit exceeded — back off and retry. |
5xx |
internal |
Something went wrong our end; safe to retry idempotent reads. |
# Ownership
Every read and write is scoped to the account the API key resolves to. Requesting another
account’s link or campaign returns 404 (not 403) — we don’t reveal that it exists.
# Async jobs
Batch and serialized mint jobs accept the request
(200, queued), then surface failures in the job status (status: "failed" with a
reason), not in the original HTTP response. Always poll the job.
# Verification
The public verification endpoints never error on an unknown serial —
they return status: "unknown" (a fake/un-issued code is a meaningful answer, not a 404).
# Next
- Authentication · the full API reference.