When a request is rejected, the API returns an appropriate HTTP status code and a structured JSON body. Use theDocumentation Index
Fetch the complete documentation index at: https://docs.bloobank.com/llms.txt
Use this file to discover all available pages before exploring further.
status field to branch in your client code — it is stable and machine-readable.
Error payload shape
HTTP status code mirrored in the body.
Stable machine-readable error code. Use this to branch in your client code.
Human-readable summary of the error.
Additional detail objects. Each entry may include
reason, description, and
a metadata object containing a decisionId for support escalation.Error codes
| HTTP | Status | When it fires | What to do |
|---|---|---|---|
| 400 | MISSING_HEADER | A required authentication header was not sent. | Check that all four headers are present: X-Access-Key, X-Access-Timestamp, X-Access-Request-Id, X-Access-Signature. |
| 400 | TIMESTAMP_INVALID | X-Access-Timestamp is not a valid Unix millisecond timestamp. | Ensure the value is a 13-digit integer in milliseconds, not seconds. |
| 401 | TIMESTAMP_SKEW_EXCEEDED | Timestamp is outside the server’s acceptance window. | Sync your server clock via NTP. |
| 401 | SIGNATURE_INVALID | ECDSA signature fails verification. | Check canonical string construction, body hashing, and low-S normalization. |
| 401 | REPLAY_DETECTED | X-Access-Request-Id has already been used. | Generate a new UUID v4 for every request, including retries. |
| 403 | RBAC_DENY | Credential is authenticated but lacks permission for the operation. | Review the Access Key permissions in the Dashboard. |