Browse all guides

Errors & Validation

The API uses conventional HTTP status codes. Errors are JSON and safe to parse programmatically.

Status codes

Code Meaning
200 Request succeeded.
201 Record created.
204 Record deleted (no body).
401 Missing/invalid API key - also returned when a key with an IP allowlist is used from a non-allowed address, and when the key was revoked or regenerated.
403 The key (or its creating user) lacks the permission required by this endpoint, or the user is not a member of the workspace.
404 No record with this ID is visible to you in this workspace. Growee returns 404 rather than confirming a record exists.
422 Validation failed - see below.
429 Rate limit exceeded - see Rate limits.
5xx Something went wrong on our side. Retry with backoff; contact support if it persists.

Error shape

Non-validation errors return a message:

{
  "message": "This action is unauthorized."
}

Validation errors (422)

Validation failures list every problem per field:

{
  "message": "The worked minutes field is required. (and 1 more error)",
  "errors": {
    "worked_minutes": ["The worked minutes field is required."],
    "date": ["The date field must be a valid date."]
  }
}

Handling tips:

  • Keys of errors match the request payload field names.
  • Each value is an array of human-readable messages - show them directly or map them to your own copy.
  • The reference documents each endpoint’s required fields and formats, generated from the live validation rules.

Common pitfalls

  • 401 on a correct key - check the IP allowlist on the key, and that you send Authorization: Bearer <key> (no quotes, no Token prefix).
  • 403 on a documented endpoint - the key is missing the permission scope; add it in Settings → Integrations → API Keys (you may need the permission yourself first).
  • 404 for an ID you can see in the app - you’re probably hitting the wrong workspace subdomain, or the record belongs to another workspace.
  • Field silently missing from a response - fields gated by permissions (noted in the reference) are omitted, not nulled, when the key lacks access.

Questions about the API? Contact support or email support@growee.net.