Skip to main content
Every error returns the same envelope with a stable code you can branch on and a human-readable message.
{ "error": { "code": "INSUFFICIENT_CREDIT", "message": "Top up your balance to issue cards" } }

HTTP status mapping

StatusMeaning
400Invalid request — bad or missing input
401Missing or invalid credentials
402Payment required — insufficient platform credit
403Authenticated, but not permitted
404Resource not found or out of scope
409Conflict — resource already exists
410Gone — link expired
500Internal error — safe to retry later

Common codes

CodeWhen
UNAUTHORIZEDNo valid bearer token on a protected route
INVALID_CLIENTBad client_id / client_secret at the token endpoint
INVALID_CREDENTIALSWrong email or password
FORBIDDENRole lacks access to the resource or action
NOT_FOUNDResource missing or not visible to your org
INVALID_REQUESTValidation failed (e.g. applicant not approved, missing program_id / account_id / cardholder_id, or verified address missing state)
APPLICANT_ALREADY_EXISTSDuplicate applicant for the organization
INSUFFICIENT_CREDITNot enough balance to cover the issuance fee
KYC_INCOMPLETEAction requires an approved applicant
ISSUER_KYC_INCOMPLETETenant KYC passed but issuer identity is not ready — call POST /v1/applicants/{id}/submit or kyc-share, then poll GET …/kyc-status until issuerKycReady is true
KYC_NOT_APPROVEDkyc-share called before tenant attestation of approval
KYC_SHARE_REJECTEDBYOK share token invalid, expired, or not addressed to Apocor’s shareRecipientId
KYC_SHARE_FAILEDSumsub could not import the tenant share token
KYC_NOT_CONFIGUREDSumsub or issuer share recipients are not configured on the platform
RAIL_NOT_CONFIGUREDLive issuer rail credentials are missing — card issuance requires Interlace
RAIL_ACCOUNT_MISSINGIssuer sub-account could not be created — applicant email is required
EXTERNAL_SERVICE_ERRORUpstream issuer failure (budget, cardholder, or card creation). Common causes: issuer account not initialized, or verified address missing state
ISSUER_ERRORUpstream issuer rejected the request (e.g. cardholder at card limit, duplicate spend control). Message contains the issuer detail
NOT_IMPLEMENTEDAction requires live issuer configuration that is not enabled
WEAK_PASSWORDPassword below the minimum length
INVITE_EXPIREDOnboarding link is no longer valid
INTERNAL_ERRORUnexpected server error
Branch on error.code, not on error.message. Codes are stable across releases; messages may be reworded.