Error Codes Reference

Can not determinate user IP.

Failed to detect user IP address from HTTP request.

Rate limit exceeded

You have exceeded the rate limit for requests. Please try again later.

User must be authorized

User is not logged in.

Organisation context is required

Provide a valid organization ID or slug.

Resource not found.

A specific resource referenced by the request (a record id, slug, hash or token) does not exist in the organisation scope, has been deleted, or the caller has no permission to see it. Attach the missing identifier as parametric context — e.g. `throw ApiError("INTERNAL_RESOURCE_NOT_FOUND", "Calendar 42")`.

Request payload failed validation.

The server-side validator rejected a field value that the typed body schema could not catch (format, length, cross-field consistency, multi-tenant ownership, etc.). The offending field and constraint should be passed as parametric context — e.g. `throw ApiError("INTERNAL_VALIDATION_FAILED", 'reserveFrom must be a relative-time string')`.

Inserting order failed

An error occurred while inserting the order into the database. Failed to create order after multiple attempts

Organisation not found or user is not a member.

The specified organisation does not exist, or the user is not a member of the organisation.

Fio API is temporarily unavailable.

The upstream Fio bank API did not return a parseable response within the timeout window. The most common causes are scheduled Fio maintenance, a token that was just rotated, or a brief network glitch between Vercel and Fio. The raw response body is appended to the error message for debugging.

Fio bank statement is malformed.

A statement file received from Fio (GPC or transaction JSON) is missing required fields or breaks the expected structure (no 074 header, empty payload, unparseable transaction line). The offending row or snippet is appended to the error message.

Fio API token is inactive.

Fio refused the request with `<status>error</status>`. This almost always means the API token stored in `shop__bank` for this account has been revoked, expired, or never activated. Fio tokens must be activated manually in Fio internet banking and have a fixed validity window.

Organisation member has been blocked.

Your user account within the organisation has been blocked. For further information, please contact your organisation administrator.

Member has no permission.

The authenticated member is part of the organisation but their role does not grant access to the requested module or action. Attach the module/action as parametric context when throwing — e.g. `throw ApiError("PERMISSION_MEMBER_HAS_NO_PERMISSION", "calendar:update")`.

Organisation API key does not exist or is broken.

Parameter "apiKey" is always required.

Sample API key cannot be used.

You are using a sample API key intended only for documentation and testing examples. Please replace it with a real API key generated in your organisation settings.

Organisation API key does not match expected format.

Please use 32 char length key generated from system.

Organisation API key has been deleted.

Organisation API key is not active now.

Organisation API key is empty. Please add your API key to request query.

Organisation API key has been expired.

API key does not have the required scope for this endpoint.

The API key is valid but has scope restrictions that do not include access to this endpoint. Each API key can be limited to specific scopes (e.g. "carddav", "feed.product"). If the key has any scopes assigned, only those endpoints are accessible.

Too many requests

The API request limit for this API key (or organisation) has been exceeded. Requests are counted in fixed 10-minute time blocks. Each block has a maximum number of allowed requests. Once the limit is reached, the API will temporarily reject further requests until the next 10-minute block begins. This mechanism is enforced to protect platform stability and to guarantee overall service reliability and SLA for all customers in a multi-tenant environment.

Calendar does not exist.

Calendar does not exist, please check your calendar code and your permission.

Form does not exist or is not active.

The form referenced by code or slug does not exist in this organisation, or its `active` flag is false and it has been hidden from the public API. Inactive forms intentionally return 404 (not 403) so the existence of internal-only forms is not disclosed.

Product does not exist.

Product does not exist, please check your slug.

Category does not exist.

Category does not exist, please check your slug.

Payment does not exist.

The payment id, gateway id or hash referenced by the request does not match any payment record in the current organisation. Payments are not soft-deleted, so this almost always means the identifier is wrong or refers to a payment in a different organisation.

Lock does not exist.

The TTLock referenced by id/code is not registered for this organisation, has been deleted, or your API key has no permission to control it.

Lock is not active.

The lock exists and belongs to this organisation but is currently marked inactive (e.g. offline, deactivated by an admin, or its TTLock pairing was revoked). Inactive locks reject all passcode and unlock operations until reactivated.

You have no permission to load this customer detail.

Wrong cuRefNo or your profile is not manager of this customer.

Customer can not assignee itself.

Parent comment does not exist.

A new post comment was submitted with a `parentExternalId` that does not match any existing comment on the same post. The most common cause is that the parent comment was deleted between the time the reply UI was rendered and the time the user pressed submit.

Tag use invalid format.

Tag key and value must be non-empty strings with a maximum length of 200 characters each.