Skip to main content

Errors

HTTP status codes

StatusMeaning
200Success
201Created (domain, payment)
204No content (logout, delete)
400Bad request — check request body
401Unauthorized — invalid or expired JWT
403Forbidden — insufficient permissions
404Not found — domain or resource doesn’t exist
409Conflict — e.g. email already registered
429Too many requests — rate limit exceeded
500Internal server error

Error response format

{
  "error": "description of the problem"
}

Common errors

401 Unauthorized

Your JWT access token has expired. Refresh it: 
POST /api/auth/refresh
The refresh token is sent as an HTTP-only cookie. The response contains a new access token.

404 on domain endpoint

The {id} in /api/domains/{id} is the domain’s UUID (the id field from GET /api/domains), not the domain name. 
# First, get domain list
GET /api/domains
# Response: [{ "id": "abc-123", "domain": "example.com", ... }]

# Then use the id
PATCH /api/domains/abc-123

Webhook not being received

  1. Check that your endpoint returns a 2xx response within 1 second
  2. Check that your endpoint is publicly accessible (HTTPS required)
  3. Verify the webhook URL is registered: check callback field in GET /api/domains
  4. Check your server logs for the incoming POST

Score always 0

If your webhook always returns Score: 0, check:
  • STUN is completing successfully (check browser console for WebRTC errors)
  • Your CSP includes connect-src blob: wss://*.shieldlabs.ai
  • The snippet is loading without errors (import() resolved)