2xx means success, 4xx means
a problem with the request, 5xx means a problem on Flowlix’s side. Every
error response carries a JSON body with a single error object:
| Field | Description |
|---|---|
type | Error category — the first thing to branch on. |
code | Short machine-readable code identifying the exact problem. |
message | Human-readable explanation. Safe to log; do not show raw to customers. |
param | The request parameter that caused the error, when applicable (e.g. billing_details[address][country]). |
decline_code | For card_error only: the standardized decline reason. See Decline codes. |
doc_url | Link to the relevant documentation. |
request_id | Matches the Request-Id response header. Include it when contacting support. |
A declined card is not an HTTP error. Card declines surface on the
Payment object as
status: "FAILED" with a decline_code — the create
request itself still returns 201. HTTP errors describe problems with the
request or the operation’s preconditions, not the issuer’s decision. See
Payment lifecycle.Error types
error.type | Typical HTTP | Meaning |
|---|---|---|
invalid_request_error | 400, 404, 422 | The request is malformed, fails validation, references a missing resource, or is not allowed in the current state. |
authentication_error | 401, 403 | The API key is missing, invalid, revoked, or not allowed to perform the operation. |
idempotency_error | 409 | An Idempotency-Key was reused with a different body, or the original request is still in flight. |
card_error | 422 | The operation cannot proceed for a card-related reason; decline_code carries the detail. |
rate_limit_error | 429 | Too many requests. Honor the Retry-After header. |
api_error | 500, 503 | Something went wrong on Flowlix’s side or at an upstream processor. Retry with the same idempotency key. |
Error codes
Thecode field pinpoints the exact problem within a type:
code | Type | HTTP | Meaning |
|---|---|---|---|
parameter_missing | invalid_request_error | 400 | A required field or header is absent. param names it. |
parameter_invalid | invalid_request_error | 400 | A field has the wrong format, type, or an out-of-range value. param names it. |
resource_not_found | invalid_request_error | 404 | No object with the supplied ID exists for this merchant and mode. |
amount_exceeds_refundable | invalid_request_error | 422 | The refund amount is greater than the payment’s amount_refundable. |
payment_not_refundable | invalid_request_error | 422 | The payment is not in a refundable state (for example, not SUCCEEDED). |
invalid_api_key | authentication_error | 401 | The Bearer token is missing, malformed, expired, or revoked. |
mode_mismatch | authentication_error | 403 | The key’s mode (test/live) does not match the resource. |
idempotency_key_reused | idempotency_error | 409 | The key was already used with a different request body. |
idempotency_key_in_flight | idempotency_error | 409 | The original request with this key is still processing. Retry shortly. |
rate_limit_exceeded | rate_limit_error | 429 | Request rate exceeded for this API key. |
internal_error | api_error | 500 | Unexpected error inside Flowlix. Safe to retry with the same idempotency key. |
service_unavailable | api_error | 503 | Flowlix or an upstream processor is temporarily unavailable. Retry with backoff. |
Handling errors
- Log
request_id(or theRequest-Idheader) for every failed call — it is the fastest path to a support resolution. - Treat unknown
codevalues as theirtype’s default behavior; new codes may be added over time without notice.
Rate limits
Rate limits are applied per API key. When you exceed them, requests fail with429 rate_limit_error and a Retry-After header with the number of seconds
to wait. Spread bursts, cache GET results where possible, and use
webhooks instead of tight polling loops to stay well under
the limits.