CoinPay

Errors

Error response shape and common merchant API codes.

All merchant API errors use the same JSON shape:

{
  "error": {
    "code": "INVALID_AMOUNT",
    "message": "Human-readable message"
  }
}

Use error.code for programmatic handling. message is for logs and debugging.

HTTP status

StatusTypical meaning
400Validation / bad request
401Missing or invalid API key
403Not allowed (e.g. live not approved)
404Resource not found
409Conflict (e.g. idempotency mismatch)
429API key rate limit exceeded
500Unexpected server error

Common codes

Auth

CodeStatusWhen
UNAUTHORIZED401Missing Bearer / session
INVALID_API_KEY401Invalid or revoked API key
RATE_LIMITED429API key over 100 requests/minute

Invoices

CodeStatusWhen
INVALID_AMOUNT400Amount not a positive decimal string (max 6 decimal places)
INVALID_METADATA400Metadata is not a JSON object
INVALID_NETWORK400networkId missing/invalid or unknown
INVALID_TOKEN400token not USDC or USDT
NETWORK_NOT_ENABLED400Network exists but not enabled for this merchant/environment
TOKEN_NOT_SUPPORTED_ON_NETWORK400Token not enabled on the requested network
NO_AVAILABLE_PAYMENT_METHOD400Constraints leave no valid chain/token
ENVIRONMENT_NOT_ALLOWED400API key request included environment (omit it)
INVALID_ENVIRONMENT400Session body environment not test or live
IDEMPOTENCY_KEY_REQUIRED400Missing Idempotency-Key on create
INVALID_IDEMPOTENCY_KEY400Key longer than 255 characters
IDEMPOTENCY_CONFLICT409Same key, different body
LIVE_NOT_APPROVED403Live invoice / live key before go-live approval
MERCHANT_SUSPENDED403Merchant account is suspended
NO_ENABLED_CHAINS400No networks enabled for that environment
CHAIN_NOT_CONFIGURED400Vault/RPC not ready for enabled chains
INVOICE_NOT_FOUND404Unknown or other-merchant invoice
MERCHANT_NOT_FOUND404Merchant profile missing

Webhooks

CodeStatusWhen
INVALID_ENVIRONMENT400Env missing/mismatched
INVALID_WEBHOOK_URL400Bad URL or live URL not public HTTPS
INVALID_WEBHOOK_SECRET400Secret length out of range
WEBHOOK_SECRET_REQUIRED400First create without secret
INVALID_CUSTOM_HEADERS400Bad headers / reserved names
WEBHOOK_NOT_CONFIGURED404No endpoint for that environment
DELIVERY_NOT_FOUND404Unknown delivery id

Idempotency reminder

POST /v1/invoices requires Idempotency-Key.

  • Same merchant + key + same body → original invoice (HTTP 200)
  • Same key + different bodyIDEMPOTENCY_CONFLICT (409)

Generate a fresh key per distinct create attempt (UUID is fine).

Rate limits

Phase 1 default: 100 requests/minute per API key. Treat 429 as retry-with-backoff if you encounter it.

On this page