Errors
The API uses standard HTTP status codes. A 2xx means success; anything else
carries a JSON body describing what went wrong.
Error shape
Section titled “Error shape”{ "errorCode": "UNAUTHORIZED", "message": "Missing or invalid token"}errorCodeis a stable, machine-readable string you can branch on.messageis a human-readable description, useful for logs and debugging.
Status codes
Section titled “Status codes”| Status | Meaning | What to do |
|---|---|---|
200 | Success | Read the response body. |
400 | Bad request | A parameter is missing or malformed. Check the message. |
401 | Unauthorized | The token is missing, malformed, expired, or revoked. Check the header and the token. |
403 | Forbidden | The token is valid but not allowed here, for example the organization’s plan does not include the API, or the API is turned off. |
404 | Not found | The id does not exist, or it is outside what you can see. The two are deliberately indistinguishable. |
429 | Too many requests | You hit a rate limit. Wait for the Retry-After header. |
5xx | Server error | Something went wrong on our side. Retry with backoff; if it persists, contact support. |
A note on 404 vs 403
Section titled “A note on 404 vs 403”When you request something you are not allowed to see, the API returns 404 Not Found rather than 403 Forbidden. This is intentional: revealing that a
resource exists but is off-limits would itself leak information. If you expected
a resource and got a 404, confirm that the token’s owner can actually see it in
the Mereon app.