detail field describing what went wrong. Your integration should read this field to surface actionable error messages.
Error response format
Every error response follows this shape:detail value is a human-readable string. It changes with each error type, so treat it as display text rather than a stable key to match programmatically.
HTTP status codes
403 vs 404: DocInject returns
404, not 403, for resources that exist but your token doesn’t have access to. This prevents your integration from inferring whether a resource exists at all, which avoids leaking information across organization boundaries.Handling errors in your integration
Checkres.ok after every request and parse the detail field from the response body:
Common error scenarios
401, missing or invalid token
401, missing or invalid token
You’ll receive a
401 when:- The
Authorizationheader is absent - The header is present but not in
Bearer <token>format - The token has been deleted or is otherwise invalid
Authorization header on the request.403, insufficient permissions
403, insufficient permissions
You’ll receive a
403 when your token is valid but the action requires a role you don’t have. For example, only organization admins can invite members, change member roles, or view documents owned by other members.Fix: check that the API key belongs to a user with the required role, or contact your organization admin.400, bad request
400, bad request
You’ll receive a
400 when the request body is malformed or a required field is missing. The detail field will describe what’s wrong, for example, "count must be 1–100".Fix: validate your request payload against the endpoint’s required fields before sending.500, internal server error
500, internal server error
A
500 indicates an unexpected error on DocInject’s side. These are rare and usually transient.Fix: retry the request with exponential backoff. If the error persists, contact DocInject support with the request details and timestamp.
