Error codes
DPay Web EID uses standard HTTP status codes together with detailed business error codes in the response body.
Error response format
Business errors (non-validation 4xx errors)
{
"error": {
"code": "ERROR_CODE",
"message": "A human-readable error description."
}
}
Validation errors (422)
{
"message": "The provider field is required.",
"errors": {
"provider": ["The provider field is required."]
}
}
The errors field is a map in which each field name points to a list of validation messages for that field.
Error code table
| HTTP | Error code | Description | Solution |
|---|---|---|---|
| 401 | AUTHENTICATION_REQUIRED | Missing Authorization header | Add Authorization: Bearer <key> |
| 401 | INVALID_API_KEY | Invalid, expired or revoked key | Check the key in the panel and generate a new one if necessary |
| 401 | TENANT_NOT_FOUND | No tenant found for this key | The key may have been deleted - contact support@dpay.pl |
| 403 | TENANT_SUSPENDED | Tenant account suspended | Contact support@dpay.pl |
| 403 | TRANSACTIONS_NOT_AVAILABLE | Transactions are unavailable for this session type | Transactions are available only for purpose=account_data |
| 404 | RESULT_NOT_AVAILABLE | Verification result unavailable | Wait until the session reaches completed, or check whether the session exists |
| 404 | SESSION_NOT_COMPLETED | Session not completed | Wait until the session is complete before retrieving transactions |
| 404 | NOT_FOUND | Resource not found | Check the ID in the URL |
| 409 | SESSION_ALREADY_TERMINAL | Session is already in a terminal state | Completed sessions cannot be cancelled |
| 422 | INVALID_PURPOSE_MODE_COMBINATION | Unsupported purpose + mode combination | See the combination table |
| 422 | (field validation) | Request field validation error | Check errors in the response |
| 429 | - | Request limit exceeded | Wait for the number of seconds specified in the Retry-After header |
| 500 | - | Internal server error | Try again shortly; if the issue persists, contact support |
Rate limiting
Request limits are applied per API key:
- Default limit: 60 requests per minute per API key
When the limit is exceeded, the server returns 429 Too Many Requests with a Retry-After header that specifies how many seconds to wait.
HTTP/1.1 429 Too Many Requests
Retry-After: 30
Content-Type: application/json
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Too many requests. Please retry after 30 seconds."
}
}
Rate-limiting best practices
- Exponential backoff - after a 429 response, wait as instructed by
Retry-After, then double the delay (30s → 60s → 120s) - Caching - cache responses from
GET /verifications/{id}instead of polling in a tight loop - Webhooks over polling - use webhooks instead of polling the session status
- Batch requests - group requests instead of sending many individual ones
Debugging
Example - purpose/mode combination validation
curl -X POST https://hub.dpay.pl/api/v1/verifications \
-H "Authorization: Bearer deid_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"purpose": "identity_verification",
"mode": "dynamic",
"provider": "ais_psd2"
}'
Response:
{
"error": {
"code": "INVALID_PURPOSE_MODE_COMBINATION",
"message": "Purpose 'identity_verification' does not support mode 'dynamic'."
}
}
Solution: change purpose to account_data, or change mode to single/sequential/pool.
Example - field validation error
curl -X POST https://hub.dpay.pl/api/v1/verifications \
-H "Authorization: Bearer deid_live_xxx" \
-H "Content-Type: application/json" \
-d '{}'
Response:
{
"message": "The provider field is required.",
"errors": {
"provider": ["The provider field is required."]
}
}
Solution: add the required provider field, or use sequential/pool mode.
Support
If you encounter an error that is not listed in this table or do not know how to resolve it, email support@dpay.pl and include:
- The session ID (if applicable)
- The exact request and response, with the API key removed
- The timestamp when the error occurred
- A description of what you were trying to achieve