Errors
All error responses follow a consistent format.
Error format
{
"error": "Description of what went wrong"
}
HTTP status codes
| Status | Meaning | Common causes |
|---|---|---|
400 | Bad Request | Malformed JSON, missing required fields |
401 | Unauthorized | Missing API key, invalid API key, expired API key |
500 | Internal Server Error | Evaluation engine failure, database error |
Common errors
Missing API key
HTTP 401
{ "error": "Authentication required" }
Ensure you're passing the Authorization header with a valid API key.
Invalid API key
HTTP 401
{ "error": "Invalid API key" }
The API key doesn't exist or has been revoked. Check the key in the Console.
Expired API key
HTTP 401
{ "error": "Invalid API key" }
The API key has passed its expiration date. Create a new key in the Console.
Invalid request body
HTTP 400
{ "error": "Key: 'EvaluationRequest.Subject.ID' Error:Field validation for 'ID' failed on the 'required' tag" }
Check that your request body includes all required fields.
Best practices
- Handle
401errors by checking your API key configuration. - Handle
400errors by validating your request before sending. - On
500errors, implement retry with exponential backoff. - Default to deny if the AuthzX API is unreachable — fail closed, not open.