Skip to main content
When a request fails, the API returns a non-2xx HTTP status and an error envelope with a machine-readable code field, a human-readable message, and (sometimes) a structured details payload.

All error codes

The full list is also available programmatically at /v2/meta — useful if you want to keep your client’s error map in sync with the API.

Handling errors in code

Always check success before reading data. Use error.code to branch your error handling.

Guidance per code

UNAUTHORIZED — Check the X-API-Key header is present, the value has no leading/trailing space, and the key hasn’t been revoked at backquant.com/api-access. FORBIDDEN — Your subscription doesn’t allow this resource. Usually a sign you’ve downgraded a paid tier or your subscription lapsed. NOT_FOUND — Don’t retry. Either the symbol/expiry doesn’t have cache yet (cold start, or unsupported symbol), or the path is wrong. VALIDATION_ERROR — Read error.details.errors for the failing parameter list. Common causes: passing BTC instead of BTCUSDT, unsupported ?greek= value, out-of-range numeric param. RATE_LIMIT_EXCEEDED — Read Retry-After header (or meta.rate_limit.reset) and wait. The /v2/options/chain is the most expensive single endpoint — if you’re polling it aggressively, batch with multi-symbol bundles or pull only the contracts you need with ?max_contracts. UPSTREAM_ERROR — Transient. Exponential backoff (2s, 4s, 8s) usually clears it within ~30s. If it persists past a minute, check /v2/health. INTERNAL_ERROR — Always include meta.request_id when reporting to dev@backquant.com. We trace by it.

Always-present headers

Even on errors, the response carries:
  • X-RateLimit-Limit — your tier’s per-minute cap
  • X-RateLimit-Remaining — calls left in the current window
  • X-RateLimit-Reset — Unix timestamp when the window resets
  • Retry-After — seconds until safe to retry (on 429 only)
  • X-Request-ID — the same UUID as meta.request_id

See also

Rate limits

Per-tier limits and how to think about backoff.

Authentication

Avoiding UNAUTHORIZED errors.

Data freshness

What NOT_FOUND actually means per endpoint.