Overview
Every error response — regardless of endpoint or HTTP status — uses the same JSON envelope. Parse it once and reuse that logic across your integration.Error envelope
details array is included alongside the fields above:
A stable, namespaced error code in
<resource>.<reason> format (for example, chip.not_found). Branch your error-handling logic on this field — it is guaranteed not to change meaning.A human-readable description of the error. Useful for logging and debugging,
but do not parse or match against this string in code — its wording may
change without notice.
A unique identifier for the request, formatted as
req_<uuid>. This matches the X-Request-Id response header. Log it and include it in any support request so Endstate can locate the request in server-side logs.A URL pointing to the documentation for this error code (the error code
reference below).
Present only on
validation.failed responses. Each item identifies a specific
field and the validation issue that failed.Best practices
Branch onerror.code, not on message or HTTP status.
error.codeis stable and namespaced. It is the correct signal for programmatic branching.error.messageis human-readable prose that may change without notice. Never parse orswitchon it.- HTTP status codes are a useful coarse signal (see below), but multiple distinct error codes share the same HTTP status. For example, both
auth.unauthorizedandsession_token.invalid_or_expiredreturn401. Branching on the status alone is not precise enough to handle them differently.
error object over time. Write your error handler to treat any unrecognized code as a generic failure rather than throwing on an unexpected value.
Log request_id on every error.
The request_id field (also available as the X-Request-Id response header) uniquely identifies the server-side execution of that request. Always capture it alongside error details. When you contact support, include this value — it is the fastest way to locate and diagnose the problem.
HTTP status classes
The Endstate API uses standard HTTP status semantics. Branch on the class (the hundreds digit) rather than exact status codes.Plain HTTP requests receive a
426 Upgrade Required response. HTTPS is
required for all API calls.Error code reference
Authentication
Cross-organization resource access returns
404 rather than 403 to avoid
revealing that the resource exists.Session tokens
Chips
Chip replacements
Units
Claims
Transfers
Collections
Generic and rate limiting
Specific rate limits and quotas are set per organization during onboarding.
Treat any
429 as retryable with exponential backoff.Next steps
Pagination
Learn how to iterate through large result sets with cursor-based pagination.
API reference
Full request and response schemas for every endpoint.

