- The application handles most calls and, on failure, returns the structured error envelope below; parse it for the precise cause.
- The infrastructure in front of the API (gateway, authentication, throttling) can answer first, and those responses may not carry the envelope.
400 from malformed JSON and a 400 from a field that fails validation require different fixes. The envelope’s code and errors disambiguate them.
Error envelope
Errors raised by the application share the same JSON shape: a problem-details-style object (the Paylead error profile). Three fields are always present (code, title, status); errors and instance are added when relevant. Errors raised at the edge may not include it.
Code examples coming soon. The Paylead API (v2) is still under construction. Request and response examples for this section will be published once the contract is finalized. In the meantime, contact your Paylead account manager for early-access details.
| Field | Type | Always present | Description |
|---|---|---|---|
code | string | Yes | Stable, machine-readable Paylead error code. Switch your logic on this, never on title. |
title | string | Yes | Human-readable explanation. The wording may change between versions. |
status | integer | Yes | The HTTP status code, repeated in the body for convenience. |
errors | array of objects | No | Present on validation failures. Each item describes one problem; its fields are endpoint-specific (offending location, expected format, …). null when there are no field-level details. |
instance | string | No | Reference to this specific occurrence of the failure, when the platform sets one. Include it in support tickets if present. May be null. |
Example 400 response
HTTP status codes
Returned by the application
On failure, these carry the error envelope above.| Code | Meaning | When you see it |
|---|---|---|
200 OK | Success | Read or update succeeded. |
201 Created | Success | Resource was created (Consumer, payment account, …). |
202 Accepted | Success | Request accepted for asynchronous processing, e.g. a payout is initiated synchronously but settled later by the PSP. |
204 No Content | Success | Delete or update succeeded; no body. |
400 Bad Request | Client error | Payload invalid, missing field, or malformed JSON. The errors array carries the field-level detail. |
401 Unauthorized | Auth error | Missing, expired, or invalid credentials/token. |
403 Forbidden | Auth error | Authenticated, but not allowed: wrong scope, Program, or environment. |
404 Not Found | Client error | Resource ID does not exist. |
409 Conflict | Client error | Resource already exists, or the state transition is illegal. |
500 Internal Server Error | Server error | Unexpected failure inside the API. Retry with backoff. |
Raised at the edge
Some requests never reach the application: the API gateway and upstream infrastructure answer first (throttling and gateway failures). These responses may not carry the error envelope: the body can be empty, plain text, or a different JSON shape, so branch on the HTTP status and never assume a parseablecode / title.
| Code | Meaning | Typical cause |
|---|---|---|
429 Too Many Requests | Throttling | Program rate limit exceeded. See Rate limits. |
502 Bad Gateway | Server | A gateway or upstream dependency was unavailable. Retry. |
504 Gateway Timeout | Server | A gateway or upstream dependency timed out. Retry idempotent calls only. |
401 and 403 (listed above) are returned by the application with the envelope, but an edge rejection may arrive without it. Handle both.
Handling common errors
400 Bad Request
400 Bad Request
The payload is malformed JSON, or a field fails validation.Fix. Read the
errors array: each entry points at the offending field and the rule it broke. Coerce the value on the client and resend. If errors is empty, the body itself was not valid JSON.403 Forbidden
403 Forbidden
The token is valid but is not allowed to access this resource, for example it was issued for a different Program or environment, or it lacks the required scope (
LOYALTIES, PERKS, TX_INJECTION, or ALL).Fix. Confirm you are using the token issued for this Program and this environment (sandbox vs production), and that it carries the scope the endpoint needs. See Authentication.404 Not Found
404 Not Found
No resource matches the given ID, for example no Consumer with that
consumer_id.Fix. Verify the ID and confirm the resource was created against the same environment. Create it if needed.409 Conflict
409 Conflict
500 / 502 Server errors
500 / 502 Server errors
Something failed inside Paylead (
500) or in an upstream dependency (502). Not your fault, but you still need to handle it.Fix. Retry idempotent calls with exponential backoff. If the issue persists, share the response body (including the instance when present) with Paylead support.Retry strategy
| Status code | Retry? | Strategy |
|---|---|---|
4xx (except 429) | No | Fix the client. Retrying gives the same error. |
429 | Yes | Honor Retry-After. Exponential backoff with jitter. See Rate limits. |
500, 502 | Yes | Exponential backoff. Cap at 5 attempts. |
504 | Yes, idempotent only | GET and DELETE are safe to retry. Retrying a timed-out or POST may create a duplicate. |
What’s next
FAQ
Common integration questions, answered.
Security
Data protection and regulatory compliance for your integration.
Support
Contact Paylead support. Share the failing response, including its
instance when present.