Skip to main content
This reference documents HTTP response status codes used by the Quivo API and explains when each code is returned

Overview

The Quivo API uses standard HTTP status codes to indicate the result of API requests. All responses follow REST conventions, where status codes communicate the success or failure of operations.
For detailed endpoint-specific response information, see the API Reference endpoints documentation.

Success Codes (2xx)

These codes indicate that a request was successfully received, understood, and processed.

200 OK

The request succeeded. The response body contains the requested data or the result of the operation. When returned:
  • Successful GET requests that retrieve data
  • Successful PUT or PATCH requests that update resources
  • Successful POST requests that return the created or updated resource

204 No Content

The request succeeded, but there is no content to return in the response body. When returned:
  • Some endpoints return 204 No Content for successful operations that don’t require a response body
  • DELETE operations that successfully remove a resource
  • Some PUT or PATCH operations that update resources without returning the updated resource

Client Error Codes (4xx)

These codes indicate that the client made an error in the request.

400 Bad Request

The request was invalid or malformed. When returned:
  • Invalid request body or parameters
  • Validation errors (for example, required fields missing or invalid values)
  • Bad request body or parameters from AWS API Gateway
Example response: 
positions: must not be null

401 Unauthorized

Authentication failed or the request lacks valid authentication credentials. When returned:
  • Session tokens expire (after 1 hour)
  • Authentication fails or the request lacks valid authentication credentials
  • The incoming token has expired
Example response: 
{
  "message": "The incoming token has expired"
}
When you receive a 401 Unauthorized error due to an expired token, obtain a new session token by calling the POST /login endpoint and retry your request. See the Authentication reference for detailed instructions.

403 Forbidden

The request was valid, but the server is refusing to fulfill it due to insufficient permissions or other access restrictions. When returned:
  • Access denied
  • Expired token
  • Invalid API key
  • Invalid signature
  • Missing authentication token
  • WAF (Web Application Firewall) filtered request
Example responses: 
{
  "message": "Forbidden"
}

{
  "Message": "Access Denied"
}

404 Not Found

The requested resource was not found. When returned:
  • The specified resource ID doesn’t exist
  • The endpoint path is incorrect
  • Resource not found from AWS API Gateway
Example response: 
Order with ID 12311231 not found

405 Method Not Allowed

The HTTP method used is not allowed for the requested endpoint. When returned:
  • Using an unsupported HTTP method (for example, using PUT on an endpoint that only supports GET)
Example response: 
Method Not Allowed

413 Request Entity Too Large

The request body is too large. When returned:
  • Request too large from AWS API Gateway

415 Unsupported Media Type

The request’s Content-Type is not supported. When returned:
  • Unsupported media type from AWS API Gateway

429 Too Many Requests

The client has exceeded the rate limit or quota. When returned:
  • Quota exceeded
  • Request throttled by AWS API Gateway

Server Error Codes (5xx)

These codes indicate that the server encountered an error while processing the request.

500 Internal Server Error

The server encountered an unexpected error. When returned:
  • Unexpected server errors
  • API configuration error from AWS API Gateway
  • Authorizer configuration error from AWS API Gateway
  • Authorizer failure from AWS API Gateway

501 Not Implemented

The requested functionality is not implemented. When returned:
  • The endpoint or feature is not yet available

504 Gateway Timeout

The server, acting as a gateway, did not receive a timely response from an upstream server. When returned:
  • Integration failure from AWS API Gateway
  • Integration timeout from AWS API Gateway

Error Response Format

The Quivo API uses different error response formats depending on where the error occurs:

Backend Errors

Errors returned by the Quivo API backend are typically simple strings: 
Order with ID 12311231 not found

positions: must not be null

API Gateway Errors

Errors returned by AWS API Gateway are formatted as JSON with a message (or Message) field: 
{
  "message": "The incoming token has expired"
}

{
  "Message": "Access Denied"
}

Additional Response Codes

The Quivo API uses standard HTTP status codes. The codes documented above are the primary ones you’ll encounter. AWS API Gateway may also return other standard HTTP status codes in specific scenarios.

Where to go next

Now that you understand HTTP response codes, continue with these guides:

Authentication

Learn about authentication and how to handle 401 Unauthorized errors.

Environments

Understand production and sandbox environments for testing error scenarios.