OutpayDocs
Developers

Handle errors

Handle authentication, validation, conflict, rate-limit, and server failures.

The versioned API uses this error envelope on every failure:

{
  "error": {
    "code": "VALIDATION_FAILED",
    "message": "Request body is invalid.",
    "details": [{ "field": "amount", "issue": "Must be positive." }],
    "request_id": "req_01JZ8T6M3J08HKF5Y98S9E2N8N"
  }
}
HTTPCodeMeaningRetry?
400VALIDATION_FAILEDThe JSON, path, or query does not satisfy the route's schema.No — correct the request first.
401INVALID_API_KEYMissing, malformed, revoked, or mismatched key.No — rotate or reconfigure the credential.
403FORBIDDENThe key lacks the operation's required scope.No — use a correctly scoped key.
404CHECKOUT_NOT_FOUNDThe checkout does not exist within the authenticated merchant's scope.No — verify the identifier.
409IDEMPOTENCY_KEY_REUSEDThe same key was sent with a different request body.No — investigate, and use a new key only for a genuinely new request.
409EXPIRED_IDEMPOTENCY_KEYThe stored replay record is past its 24-hour expiry.Only after deciding whether a new checkout is still appropriate.
409MERCHANT_NOT_ACTIVEThe merchant account cannot create new checkouts.No, until the merchant is reactivated.
429rate-limit errorThe merchant or route exceeded its configured limit.Yes, after the Retry-After delay.
500CHECKOUT_CREATE_FAILED, or a read/list failure codeUnexpected server-side failure.For a create request, retry only with the same idempotency key.

Keep request IDs

Log request_id alongside your order ID and checkout ID. It is the shortest path to support and incident correlation.

  • Errors — the full, code-authoritative error catalogue.
  • Idempotency — the mechanics behind the 409 conflict codes.
  • Support — what to include when you escalate an error.

On this page