Appearance
Errors
Upsign follows usual HTTP semantics: check the status code first, then parse the JSON body when present. Many routes return a structured object with code and message; others return a simple error string—see the examples below.
HTTP status
Typical responses:
| Status | Meaning |
|---|---|
| 400 | Validation / missing headers / bad ID format |
| 401 | Missing or invalid X-Api-Key, or other auth failures called out for specific routes |
| 403 | Forbidden (e.g. webhook routes require admin) |
| 404 | Resource not found or not accessible (often same JSON as “not found” for ACL) |
| 500 | Server / configuration error |
JSON shapes
Many document routes return structured errors:
json
{
"code": "invalid_id_format",
"message": "Expected a document ID starting with \"doc_\"."
}Webhook routes sometimes return:
json
{ "error": "Forbidden. Admin access required." }Per-operation status codes, code values, and response schemas are defined in the API reference (OpenAPI).