Errors & Rate Limits
All API errors follow a consistent JSON format with an HTTP status code and a machine-readable error code.
Error Response Format
JSON
{
"success": false,
"error": {
"code": "INVALID_TOKEN",
"message": "JWT token is expired",
"details": {}
}
}HTTP Status Codes
- 200 OK — Request succeeded
- 201 Created — Resource successfully created
- 400 Bad Request — Invalid request body or missing required fields
- 401 Unauthorized — Missing or invalid JWT token
- 403 Forbidden — Valid token but insufficient permissions
- 404 Not Found — Resource does not exist
- 409 Conflict — Resource already exists (e.g., duplicate email)
- 422 Unprocessable Entity — Validation failed (field-level errors)
- 429 Too Many Requests — Rate limit exceeded
- 500 Internal Server Error — Unexpected server error
- 503 Service Unavailable — Upstream provider (LLM/ASR/TTS) is down
Authentication Errors
- MISSING_TOKEN — No Authorization header provided
- INVALID_TOKEN — Token signature is invalid
- EXPIRED_TOKEN — Token has expired (24h access, 7d refresh)
- INVALID_OTP — OTP code is incorrect
- OTP_EXPIRED — OTP expired (10 minute window)
- OTP_MAX_ATTEMPTS — Maximum 5 OTP attempts exceeded
- EMAIL_NOT_VERIFIED — Account not verified via OTP
Provider Errors
- PROVIDER_API_KEY_INVALID — The configured provider API key is rejected
- PROVIDER_QUOTA_EXCEEDED — Provider rate limit or quota reached
- PROVIDER_TIMEOUT — Provider did not respond within timeout
- PROVIDER_NOT_CONFIGURED — Agent is missing LLM, ASR, or TTS provider
Rate Limits
- Authentication endpoints — 10 requests/minute per IP
- REST API endpoints — 100 requests/minute per user
- Session start — 20 sessions/minute per user
- Concurrent WebSocket sessions — 50 per user
- Tool executions — 200 per minute per agent
⚠️
Exceeding rate limits returns HTTP 429. Implement exponential backoff with jitter in your retry logic.
System Limits
- Maximum session duration — 60 minutes
- Maximum conversation turns — 500 per session
- Maximum knowledge base entries — 500 per workspace
- Maximum tools per agent — 20
- Maximum audio frame size — 65536 bytes
- Maximum dynamic_variables per session — 50 key-value pairs