Core concepts

Errors & rate limits

Errors come back with a stable machine-readable code plus a human-readable message. The HTTP status is set in the obvious way: 400 for client errors, 401 for missing or invalid auth, 403 for valid auth without the right scope, 404for things that don't exist or that your org can't see, and 429 for rate-limit overruns.

error shapes

json

{ "error": { "code": "not_found",     "message": "Campaign not found" } }
{ "error": { "code": "unauthorized",  "message": "Missing API key" } }
{ "error": { "code": "forbidden",     "message": "Scope 'messages' required" } }
{ "error": { "code": "rate_limited",  "message": "Too many requests" } }

REST endpoints allow 100 requests per minute per API key. The pixel endpoints (/api/promolink, /api/event) allow 120 requests per minute per IP. Enough for a busy shared office or mobile-carrier NAT, but not so high that one bad actor can flood your event stream. When you hit a limit you'll get a 429 with a body explaining when to retry.