
Errors and rate limits

HTTP status codes

Code  Meaning
200   Success.
401   Unauthorized — invalid or missing API key, or key revoked/expired.
403   Forbidden — rate limit exceeded.
500   Internal server or configuration error.

Error response shape

Error responses are JSON, for example:

{
  "error": "Unauthorized",
  "message": "Invalid API key"
}

or:

{
  "error": "Request not allowed",
  "message": "Rate limit exceeded. You have used 100 of 100 allowed requests today.",
  "remaining": 0,
  "limit": 100
}

Rate limits

  • API keys (default): 100 requests per day per key (per wallet).
  • Limits are enforced per API key; usage is tracked by the wallet tied to the key.
  • When you exceed the limit, the API returns 403 with a message and remaining: 0.

Rate limits reset daily (UTC). There is no separate document for “custom” limits; any higher limits are configured per key by the team.

What to do

  • 401: Check that you send the API key in the Authorization: Bearer <key> header, that the key is correct, and that it has not been revoked or expired. Request a new key if needed.
  • 403: Wait until the next day or request a higher limit from the team.
  • 500: Retry later; if it persists, contact the team.
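
The handling rules above, written as a client-side decision function. This is an added example, not code from the API's maintainers; the function names, the retry count and backoff delay, and treating 00:00 UTC as the daily reset instant are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample bodies, copied from the error shapes documented on this page.
SAMPLE_401 = '{"error": "Unauthorized", "message": "Invalid API key"}'
SAMPLE_403 = ('{"error": "Request not allowed", "message": "Rate limit exceeded. '
              'You have used 100 of 100 allowed requests today.", '
              '"remaining": 0, "limit": 100}')

def seconds_until_utc_reset(now):
    """Seconds from timezone-aware `now` to the next 00:00 UTC (assumed reset time)."""
    now = now.astimezone(timezone.utc)
    reset = (now + timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)
    return int((reset - now).total_seconds())

def plan_next_step(status, body_text, now, attempt=0, max_retries=3, base_delay=2):
    """Return {'action', 'wait_seconds', ...} for one API response.

    max_retries and base_delay are assumptions of this example, not API values.
    """
    if status == 200:
        return {"action": "ok", "wait_seconds": 0}
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None
    if not isinstance(body, dict):
        body = {}  # non-JSON or unexpected body: fall back to the status code alone
    plan = {"message": body.get("message", "")}
    if status == 401:
        # Retrying with the same key cannot succeed: check header, key, revocation.
        plan.update(action="fix_key", wait_seconds=0)
    elif status == 403:
        # Quota is exhausted until the daily reset; retrying earlier returns 403 again.
        plan.update(action="wait_for_reset", wait_seconds=seconds_until_utc_reset(now),
                    remaining=body.get("remaining"), limit=body.get("limit"))
    elif status == 500 and attempt < max_retries:
        plan.update(action="retry", wait_seconds=base_delay * 2 ** attempt)
    elif status == 500:
        plan.update(action="contact_team", wait_seconds=0)
    else:
        plan.update(action="unexpected", wait_seconds=0)
    return plan

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 23, 0, tzinfo=timezone.utc)  # constructed timestamp
    for status, body in [(401, SAMPLE_401), (403, SAMPLE_403), (500, "")]:
        print(status, plan_next_step(status, body, now))
```

The returned plan never contains the API key, so it can be logged as is.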

Security

Key rotation and revocation:

  • If a key might be compromised, request that it be revoked immediately
  • Use different keys for different environments (dev vs production)

How we protect your keys:

  • API keys are hashed before storage; the full key is never stored or logged
  • All external traffic is authenticated; invalid or missing keys receive 401
  • Requests are rate-limited per key to reduce abuse