Skip to main content
ezyshield uses HTTP status codes to distinguish authentication, authorization, validation, rate-limit, and server errors.
CodeMeaningTypical handling
200SuccessProcess the response body.
201CreatedStore the returned resource ID.
204No contentTreat the operation as complete.
400Bad requestCheck request structure and endpoint requirements.
401UnauthorizedCheck that the API key is present and valid.
403ForbiddenCheck the key’s abilities and organization access.
404Not foundCheck the resource ID and organization context.
422Validation errorShow or log field-level validation messages.
429Too many requestsBack off and retry after the rate-limit window resets.
500Server errorRetry only if safe, then contact support if it persists.
503Service unavailableRetry later.

Validation errors

Validation errors return 422. Use them to correct request fields before retrying. For exact field rules, read the generated endpoint reference.

Authorization errors

API keys are organization-scoped and ability-scoped. A valid key can still receive 403 if it does not include the ability required by the endpoint. See Authentication for abilities and key handling.