Error codes

Every error response has the shape {code, message, remediation, docs_url, request_id}. Include the request_id when reporting problems.

INVALID_REQUEST

The request body or parameters failed validation. The message lists the offending fields.

UNAUTHORIZED

Missing, malformed, expired, or revoked credential.

FORBIDDEN

The credential is valid but lacks the required scope.

AUTH_CHALLENGE_EXPIRED

The SIWE nonce is unknown, already used, or expired. Nonces are single-use.

AUTH_SIGNATURE_INVALID

Signature verification failed, or the SIWE message fields do not match this environment.

IDEMPOTENCY_CONFLICT

The Idempotency-Key was already used with a different payload.

NOT_FOUND

The resource does not exist or does not belong to this account.

RATE_LIMITED

Too many requests. Respect Retry-After; unauthenticated endpoints are limited per IP at the edge.

VENUE_UNAVAILABLE

No execution venue answered. Transient; retry shortly.

POLICY_VIOLATION

The request exceeds what the wallet's active policy authorizes. The message names the violated rule.

BUDGET_EXCEEDED

The spend would exceed a policy budget or velocity limit (see pre-flight POST /v1/checks).

COUNTERPARTY_BLOCKED

The counterparty is on a screening list (e.g. OFAC SDN) and the policy requires screening.