200 with data, a 4xx validation error, or a 5xx
downstream failure, the response body has the same outer shape:
request_id at the top level, plus either data (on success) or error
(on failure).
Success
Error
error.code is a stable machine-readable identifier — use it for branching
in your code. error.message is human-readable and may be polished over
time, so don’t pattern-match on it.
request_id is in every response. Include it when you open a support
ticket; it lets klikit pinpoint the exact request in our logs. Treat its
format as opaque — the production format today is 32-char hex, but
older paths and the development environment may return UUID-prefixed
strings like req_e9f2b838-38e9-43ba-9e30-9b747da67d9f. Don’t validate
it client-side.
Status code conventions
| Code | Meaning |
|---|---|
200, 201, 204 | Success |
400 | Request invalid — body, headers, or query parameters didn’t validate |
401 | Credentials missing, malformed, or revoked |
403 | Authenticated but the credential lacks the required scope |
404 | Resource not found, or not visible to this credential |
409 | Conflict — most commonly an Idempotency-Key re-used with a different body |
422 | Semantically invalid (e.g. status transition not allowed) |
429 | Rate-limited — back off and retry |
5xx | Klikit-side failure. Retry with backoff; raise a ticket if it persists |
error object. A 2xx response always
has a data field (it may be null, {}, or []).
Pagination — note the inconsistency
Endpoints that return lists wrap theirdata in a paginated object with
page, size, and total. The key holding the actual items varies by
endpoint:
| Endpoint | Items live under |
|---|---|
GET /orders | data.orders |
GET /branches | data.results |
GET /brands | data[0].brands (legacy shape — data is an outer array) |