Skip to main content
Boseat uses consistent error payloads and correlation IDs to help you debug.

Error response shape

{
  "status": 400,
  "code": "VALIDATION_FAILED",
  "message": "start must be before end",
  "correlationId": "acb1f5f9-...",
  "details": [
    { "field": "start", "issue": "must be before end" }
  ]
}

Common codes

  • UNAUTHORIZED — missing/invalid token
  • FORBIDDEN — scope missing or insufficient org permissions
  • VALIDATION_FAILED — request shape or business rules not met
  • NOT_FOUND — resource does not exist or is not visible
  • RATE_LIMITED — too many requests
  • SERVER_ERROR — unexpected error on our side
StatusAction
400/422Fix request shape/validation and retry
401Refresh token or fix credentials
403Request missing scopes/permissions
404Verify IDs and visibility
429Back off, honor Retry-After, keep idempotent
5xxRetry with backoff and idempotency

Validation and observability

  • Requests are validated at the edge; you will always get structured messages.
  • Every response includes a correlationId. Provide it when contacting support.

Retry guidance

  • 4xx: fix the request before retrying.
  • 429: back off with exponential retry (e.g., 1s, 2s, 4s) and respect Retry-After if provided.
  • 5xx: retry with backoff; keep attempts idempotent.

Best practices

  • Log correlationId, HTTP status, and code for each call.
  • Prefer idempotent operations when retrying booking flows.
  • Validate inputs client side to avoid avoidable VALIDATION_FAILED responses.