All endpoints return errors with a stable JSON envelope. The
code is intended for programmatic handling and the
message is human-friendly.
{
"error": {
"code": "unauthorized",
"message": "missing or invalid token"
}
}Common codes
unauthorized missing/invalid token.
forbidden token valid but insufficient scope.
not_found resource does not exist.
rate_limited too many requests.