Error Handling
Error Handling
The API uses standard HTTP status codes and returns structured error responses.
HTTP status codes
| HTTP Status | Description |
|---|---|
| 200 | Success |
| 400 | Invalid argument or failed precondition |
| 401 | Authentication error (malformed credentials) |
| 403 | Permission denied (missing or invalid API key) |
| 404 | Resource not found |
| 409 | Conflict (e.g. idempotency key collision) |
| 500 | Internal server error |
| 503 | Service unavailable |
| 504 | Request timeout |
Error response format
All errors return a JSON object with message and code fields:
{
"message": "A human-readable description of the error.",
"code": 3
}The code field is the underlying gRPC status code number.
Validation errors
Invalid request parameters return HTTP 400 with a message indicating the problematic field:
HTTP/1.1 400 Bad Request{
"message": "Invalid argument at \"email\": This must be a valid email address.",
"code": 3
}Resource not found
Requesting a resource that doesn't exist returns HTTP 404:
HTTP/1.1 404 Not Found{
"message": "Resource \"accounts/acct_ACCOUNT_ID/customers/cus_INVALID\" (of type \"Customer\") not found.",
"code": 5
}Idempotency errors
If two concurrent requests use the same idempotency key, the second request returns HTTP 409:
HTTP/1.1 409 Conflict{
"message": "Another request with idempotency key \"fb_idem_key_...\" is in progress.",
"code": 10
}If a request reuses an idempotency key with a different request body, the API returns HTTP 400:
HTTP/1.1 400 Bad Request{
"message": "Mismatch between stored request body for idempotency key and received request body. When retrying idempotent requests, please ensure the request body is identical.",
"code": 3
}Payment errors
When a payment fails, the payment intent's response includes a payment_error object with more detail:
Failure codes
| Code | Description |
|---|---|
UNKNOWN | An unknown internal error occurred |
DEVICE_BUSY | The payment device is performing another operation |
DEVICE_OFFLINE | Cannot reach the payment device |
DEVICE_OPERATION_CANCELLED | The operation was cancelled by the operator on the device |
DEVICE_OPERATION_EXPIRED | The operation did not complete within 2 minutes |
PAYMENT_METHOD_PROVIDER_DECLINE | Declined by the issuer or customer |
PAYMENT_METHOD_PROVIDER_TIMEOUT | Timeout from the payment provider |
PAYMENT_METHOD_NOT_AVAILABLE | Payment method is temporarily unavailable |
Decline codes
When the failure code is PAYMENT_METHOD_PROVIDER_DECLINE, a more specific decline_code is included:
| Decline Code | Description |
|---|---|
DO_NOT_HONOR | Declined for an unknown reason |
INSUFFICIENT_FUNDS | Not enough funds on the card |
CARD_VELOCITY_EXCEEDED | Card usage limits exceeded |
TRANSACTION_NOT_ALLOWED | Transaction type not permitted |
INCORRECT_NUMBER | Invalid card number |
INCORRECT_CVC | Invalid CVC code |
INCORRECT_EXPIRY | Invalid expiration date |
INCORRECT_PIN | Invalid PIN |
EXPIRED_CARD | The card has expired |
CALL_ISSUER | The cardholder should contact their issuer |
PICK_UP_CARD | The card cannot be used |
LOST_CARD | The card has been reported lost |
STOLEN_CARD | The card has been reported stolen |
FRAUDULENT | The card has been flagged as fraudulent |
GENERIC_DECLINE | A generic decline with no additional detail |
Payment error structure
{
"code": "PAYMENT_METHOD_PROVIDER_DECLINE",
"decline_code": "INSUFFICIENT_FUNDS",
"message": "The card has insufficient funds.",
"payment_method": "accounts/acct_YOUR_ACCOUNT/payment-methods/pm_PAYMENT_METHOD_ID"
}Updated about 1 month ago