# Error responses

Sales Layer REST APIs use standard HTTP status codes to indicate failed operations.

The current OpenAPI specifications document these error status codes:

| Status code | Meaning |
|  --- | --- |
| `400 Bad Request` | The request is malformed or contains invalid values. |
| `401 Unauthorized` | The API key is missing, empty, or invalid. |
| `403 Forbidden` | The request is authenticated but not authorized for the requested operation. Documented in Catalog API operations. |
| `404 Not Found` | The requested resource does not exist or is not available for the current account. |
| `409 Conflict` | The operation conflicts with the current resource state. Documented in DAM operations. |
| `500 Internal Server Error` | The API could not process the request because of an unexpected server-side error. |


## 400 Bad Request

Use `400` errors to identify request issues such as invalid query syntax, invalid body fields, unsupported values, or missing required data.

Example validation shape:


```json
{
  "validationFailures": {
    "field": [
      "Validation message"
    ]
  }
}
```

## 401 Unauthorized

`401` indicates an authentication problem.

Check that the `X-API-KEY` header is present and contains the correct value.


```json
{
  "type": "https://api2.saleslayer.com/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "A valid API key is required.",
  "instance": "/rest/Catalog/Products"
}
```

## 403 Forbidden

`403` indicates that the API understood the request but the authenticated client is not allowed to perform it.

This status is defined in Catalog API operations only. DAM API endpoints do not return `403`.

## 404 Not Found

`404` indicates that the requested resource could not be found.

This can happen when an identifier is wrong, the resource was deleted, or the resource is not available in the current account context.

## 409 Conflict

`409` indicates that the operation cannot be completed because of the current resource state.

This status is documented in DAM operations, for example when an image cannot be modified or deleted while it is being processed.

## 500 Internal Server Error

`500` indicates an unexpected server-side error.

Clients should not retry indefinitely. Use bounded retries with backoff for temporary failures and surface persistent errors to the integration owner.

## Implementation notes

* Treat `400`, `401`, `403`, and `404` as errors that usually require request or configuration changes.
* Treat `409` as a state conflict; retry only when the conflict is expected to be temporary.
* Treat `500` as potentially temporary, but use bounded retries.
* Log status code, endpoint, operation, and correlation identifiers when available.


## Related pages

* [DAM error details](/guides/errors)
* [Rate limiting](/guides/rate-limiting)
* [Feedback and privacy](/guides/feedback-privacy)
* [API reference overview](/apis)