Error Codes
| Field | Details |
|---|---|
| Status | Active |
| Last Updated | 04-22-2026 |
Purpose
To standardize error codes across all APIs and services for consistent error handling
Scope
Applies to: All backend services, APIs, frontend error handling
Does not apply to: Third-party service errors
Rules
- Always use the error codes below
- If a new error code is required, always add it here first and then implement it
- For reference, see Error Responses
Error Categories
1. Client Errors (4xx)
| Code | Description |
|---|---|
| INVALID_REQUEST | Malformed request or missing required fields |
| BAD_REQUEST | General validation failure |
| UNAUTHORIZED | Authentication required or failed |
| FORBIDDEN | Authenticated but no permission |
| NOT_FOUND | Resource not found |
| METHOD_NOT_ALLOWED | HTTP method not supported |
| CONFLICT | Resource state conflict (duplicate, etc.) |
| UNPROCESSABLE_ENTITY | Business validation failed |
| RATE_LIMIT_EXCEEDED | Too many requests |
2. Authentication & Authorization Errors
| Code | Description |
|---|---|
| INVALID_CREDENTIALS | Invalid username or password |
| INVALID_TOKEN | Token is malformed or invalid |
| TOKEN_EXPIRED | Token has expired |
| UNAUTHORIZED | Missing authentication |
| FORBIDDEN | Insufficient permissions |
Security Note
- Always return INVALID_CREDENTIALS for login failures
- Do NOT expose whether:
  - user exists
  - password is wrong
Correct Example:
{
  "status": 401,
  "code": "INVALID_CREDENTIALS",
  "message": "Invalid username or password"
}
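One way to implement the rule above, as an added example that is not part of this standard or of any service's own code: both failure paths return the identical INVALID_CREDENTIALS body, and, going one step beyond the text, an unknown username still triggers a password hash so response time does not reveal whether the user exists. The in-memory `USERS` store, the PBKDF2 parameters and the `{"status": 200}` success body are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample store (hypothetical; a real service queries its database).
USERS = {"alice": make_record("correct horse battery staple")}

# Record checked when the username is unknown, so both failure paths
# perform the same hashing work. Its password is random and never used.
DUMMY = make_record(os.urandom(16).hex())

# The single response body used for every login failure.
LOGIN_FAILURE = {
    "status": 401,
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid username or password",
}


def login(username: str, password: str) -> dict:
    record = USERS.get(username)
    candidate = record if record is not None else DUMMY
    # Always hash, and compare in constant time.
    computed = hash_password(password, candidate["salt"])
    matches = hmac.compare_digest(computed, candidate["hash"])
    if record is None or not matches:
        # Unknown user and wrong password are indistinguishable to the caller.
        return dict(LOGIN_FAILURE)
    return {"status": 200}  # assumed success shape, not defined by this page
```
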
Exceptions
No exceptions.
Related Documents
Changelog
| Version | Date | Author | Change |
|---|---|---|---|
| 1.0.0 | 04-22-2026 | Tibin Sunny | Initial version |