API Reference

Error Handling

Every API response includes an X-Request-ID header so support can trace a failure without exposing internal details. Query API and direct route errors also include that value as requestId in their JSON body. Framework-generated RPC errors may expose it only in the header.

Error response

json
{
"success": false,
"error": "Human-readable error message",
"code": "ERROR_CODE",
"requestId": "req_abc123def456"
}

Some validation failures also include details with the affected field and a suggested correction:

json
{
"success": false,
"error": "Unknown query type: summry. Did you mean 'summary'?",
"code": "VALIDATION_ERROR",
"requestId": "req_abc123def456",
"details": [
  {
    "field": "parameters[0]",
    "message": "Unknown query type: summry",
    "suggestion": "Did you mean 'summary'?"
  }
]
}

Query API codes

These are the stable codes returned by /v1/query and its subroutes:

CodeHTTP statusMeaningRecovery
AUTH_REQUIRED401The protected operation has no valid API key or sessionAdd authentication and retry
ACCESS_DENIED403Authentication succeeded but cannot access the requested resourceCheck the key's organization, resource access, and scopes
MISSING_PROJECT_ID400No website, link, monitor, or organization identifier was suppliedAdd the identifier required by the query type
MISSING_WEBSITE_ID400The custom-query endpoint needs website_idAdd website_id to the query string
VALIDATION_ERROR400The body, date range, filter, or query type is invalidCorrect the reported fields and retry
COMPILATION_ERROR400The query could not be compiledCorrect the query definition
QUERY_ERROR400The custom query could not be executedCheck the message and query definition
FEATURE_UNAVAILABLE402The selected plan does not include the requested query capabilityChange plan or remove that query type
RATE_LIMITED429The request limit was reachedWait for Retry-After, then retry
INTERNAL_SERVER_ERROR500An unexpected server error occurredRetry; if it continues, contact support with the request ID

Other API families can define additional codes. Treat code as the programmatic value and keep a fallback for unfamiliar codes.

Authentication response

Protected endpoints return a discovery hint in addition to the JSON body:

http
HTTP/1.1 401 Unauthorized
X-Request-ID: req_abc123def456
WWW-Authenticate: Bearer resource_metadata="https://api.databuddy.cc/.well-known/oauth-protected-resource"

Rate-limit response

json
{
"success": false,
"error": "Rate limit exceeded",
"code": "RATE_LIMITED",
"requestId": "req_abc123def456",
"limit": 120,
"remaining": 0,
"reset": 1735732810000,
"retryAfter": 8
}

reset is a Unix timestamp in milliseconds. retryAfter and the Retry-After header are seconds.

Partial query results

A valid multi-parameter query can contain a failure for one parameter while other parameters succeed:

json
{
"success": true,
"requestId": "req_abc123def456",
"data": [
  { "parameter": "summary", "success": true, "data": [] },
  {
    "parameter": "pages",
    "success": false,
    "error": "Query execution failed",
    "data": []
  }
]
}

Check both the top-level success value and each result's success value.

Recovery checklist

  1. Record code, HTTP status, and requestId.
  2. For 401 and 403, verify authentication, scopes, organization, and resource access.
  3. For 400, correct the documented field instead of retrying unchanged.
  4. For 429, wait for Retry-After; add jitter when many workers share a key.
  5. For 5xx, retry with bounded exponential backoff. Contact support with the request ID if the failure continues.

How is this guide?