Common errors
| Code | Meaning |
|---|---|
missing_authorization | No Bearer token was supplied. |
invalid_token | The token is expired, revoked, inactive, unknown, or not valid for the route. |
not_found | The route or resource is unavailable. |
validation_failed | A path, query, or body field failed validation. |
permission_denied | The credential is not allowed to perform the requested action. |
Production guidance
- Store
pat_...Project API Tokens server-side only. - Send
X-Operation-Keyfor multi-step jobs so API journeys are easier to inspect. - Use
include_count=trueonly when you need total counts. - Prefer exact filters and indexes for high-traffic list views.
- Treat export URLs as generated artifacts, not permanent canonical storage.