Skip to main content

Errors

CashXChain uses standard HTTP status codes and a consistent structured JSON error response across all endpoints.


Error format

All errors return the same top-level shape:

{
"success": false,
"error": "insufficient_scope",
"message": "api key missing required scope: payments:write",
"details": "scope: payments:write"
}
FieldTypeDescription
successfalseAlways false on error responses.
errorstringStable machine-readable code. Safe to match programmatically.
messagestringHuman-readable description. Do not parse — may change.
detailsstring | nullOptional extra context (e.g. field name, resource ID).

HTTP status codes

StatusMeaning
400 Bad RequestRequest body or parameters are invalid.
401 UnauthorizedAuthentication failed — missing, invalid, or expired credential.
403 ForbiddenCredential valid but insufficient permissions for this operation.
404 Not FoundResource does not exist or is not accessible to the caller.
409 ConflictDuplicate resource or invalid state transition.
422 Unprocessable EntityRequest is valid JSON but semantically cannot be processed.
429 Too Many RequestsRate limit exceeded.
500 Internal Server ErrorUnexpected server error.
503 Service UnavailableBackend or downstream partner temporarily unavailable.

Authentication and authorization errors

CodeHTTPMeaning
authentication_required401No Authorization header and route requires authentication.
invalid_api_key401Key not found, revoked, or hash does not match. Identical response for non-existent and revoked keys to prevent enumeration.
token_expired401JWT exp claim has passed.
invalid_token401JWT signature invalid, malformed, or algorithm mismatch.
insufficient_scope403Restricted key does not have the required scope for this operation.
publishable_key_write_denied403Publishable key (pk_) attempted a write method.
dashboard_access_denied403Regular API key (sk_/pk_/rk_) attempted a dashboard route that requires JWT or master key.
environment_mismatch403Key prefix environment (sandbox/live) does not match the API base URL.

Resource errors

CodeHTTPMeaning
resource_not_found404Resource does not exist or is not accessible to the calling account.
payment_not_found404Payment UUID not found.
transfer_not_found404Transfer UUID not found.
quote_not_found404FX quote UUID not found or expired.

Payment and transfer errors

CodeHTTPMeaning
insufficient_funds422Sender balance is below the requested transfer amount.
sender_no_coinbase_wallet422Sender attempted a USDC/EURC transfer but has no Solana wallet provisioned.
recipient_not_found422Recipient email is not registered on CashXChain.
phantom_recipient422Recipient account exists but has no partner links (no wallet or bank provisioned).
external_send_blocked400External bank send rejected in sandbox — bank details do not match a registered sandbox user.
invalid_currency400Currency code is not supported by the selected partner.
invalid_partner400Partner slug is not recognised or not enabled for this environment.
customer_not_linked400Customer is not enrolled with the specified partner.

FX errors

CodeHTTPMeaning
quote_expired422FX quote TTL has passed (30-second window).
quote_already_consumed409FX quote has already been executed.
unsupported_pair400No rate available for the requested currency pair. Sandbox supports: USD/EUR, USD/GBP, EUR/GBP and inverses.
corridor_unavailable503Currency or country corridor is not currently enabled.

Idempotency errors

CodeHTTPMeaning
idempotency_key_missing400Write route requires an Idempotency-Key header but none was provided.
idempotency_conflict409The same Idempotency-Key was used with a different request body.

Account and compliance errors

CodeHTTPMeaning
account_not_active403Account KYB status is not active — cannot transact.
requires_action403Additional information or approval is required before this operation can proceed.
cross_account_access_denied403Non-admin caller attempted to access a resource belonging to another account.

Partner errors

CodeHTTPMeaning
partner_unavailable503Downstream payment partner is temporarily unavailable. Retry with exponential backoff.
partner_error502Partner returned an unexpected error. The operation may or may not have been processed — check GET /v1/payments/{id} or GET /v1/transfers/{id}.

Validation errors

CodeHTTPMeaning
invalid_request400Request body or query parameters are missing required fields, wrong types, or failed validation rules.
invalid_country_code400country_code is not a valid ISO 3166-1 alpha-2 code.
invalid_currency400currency is not a valid ISO 4217 code or is not supported on this route.
invalid_key_type400type must be secret, publishable, or restricted.

Rate limit errors

CodeHTTPMeaning
rate_limit_exceeded429Too many requests. Retry after the duration indicated in the Retry-After response header.

Debugging

All requests are automatically logged. Reference a request by its log ID when contacting support:

GET /v1/request-logs/{id}

This returns the full request and response body for that request. List recent logs with:

GET /v1/request-logs?limit=100

Safe retries

All write routes are idempotent when an Idempotency-Key header is supplied. Repeating the same key with the same body returns the cached response without re-executing the operation — safe on network errors, timeouts, and 5xx responses.

Do not retry on 400, 401, 403, or 409 — these indicate a client-side error that will not resolve on retry.