Response Codes
Koard uses standard HTTP status codes.
| Code | Meaning |
|---|---|
200 |
Success |
201 |
Resource created |
202 |
Accepted |
204 |
No content |
400 |
Validation failure — check the response body for details |
401 |
Missing or invalid API key |
403 |
Insufficient permissions for this operation |
404 |
Resource not found |
409 |
Conflict — resource already exists or state mismatch |
422 |
Request cannot be processed |
423 |
Locked — merchant account is blocked and cannot perform this operation |
429 |
Rate limited — slow down and retry |
500 |
Unexpected server error |
Error Body Formats
Koard returns one of two error shapes depending on where the error originates.
Most 4xx errors (401, 403, 404, 409, 423, etc.) return a flat body with a single detail field describing the issue:
{
"detail": "Terminal not found for the given account"
}
Request-validation failures (400) and server errors (500) return a structured envelope with a machine-readable error code, a short message category, and a human-readable details string. Branch on error in client code; details is always a string (never a list or object):
{
"error": "internal_error",
"message": "Internal server error",
"details": "An unexpected error occurred. The incident has been logged."
}
The 500 envelope never leaks internal exception messages or stack traces — the incident is logged server-side and you only ever receive the generic details string above.
Envelope Error Codes
When an error is returned as the structured envelope, the error field is one of:
error |
HTTP | message |
|---|---|---|
validation_error |
400 | Request validation failed |
authentication_required |
401 | Authentication required |
permission_denied |
403 | Permission denied |
not_found |
404 | Resource not found |
conflict |
409 | Resource state conflict |
rate_limited |
429 | Rate limit exceeded |
upstream_error |
502 | Upstream processor error |
internal_error |
500 | Internal server error |
SDK Error Mapping
If you're using the Koard Android SDK, these HTTP status codes are automatically wrapped into KoardException with typed error classifications. You don't need to parse HTTP codes directly — use the KoardErrorType sealed hierarchy instead:
| HTTP Code | SDK Error Type | Description |
|---|---|---|
| 400 | KoardServiceErrorType.HttpError(400) |
Validation failure |
| 401 | KoardServiceErrorType.Unauthorized |
Invalid or expired API key |
| 403 | KoardServiceErrorType.HttpError(403) |
Insufficient permissions |
| 404 | KoardServiceErrorType.NotFound |
Resource not found |
| 409–422 | KoardServiceErrorType.HttpError(code) |
Conflict or processing error |
| 429 | KoardServiceErrorType.HttpError(429) |
Rate limited |
| 500 | KoardServiceErrorType.UnexpectedError |
Server error |
| Network failure | KoardServiceErrorType.ConnectionError |
DNS, timeout, or connectivity issue |
See the SDK Response Codes & Error Handling guide for the full KoardErrorType reference and code examples.

