zulip/templates/zerver/api/rest-error-handling.md

# Error handling

Zulip's API will always return a JSON format response.
The HTTP status code indicates whether the request was successful
(200 = success, 40x = user error, 50x = server error).  Every response
will contain at least two keys: `msg` (a human-readable error message)
and `result`, which will be either `error` or `success` (this is
redundant with the HTTP status code, but is convenient when printing
responses while debugging).

For some common errors, Zulip provides a `code` attribute.  Where
present, clients should check `code`, rather than `msg`, when looking
for specific error conditions, since the `msg` strings are
internationalized (e.g. the server will send the error message
translated into French if the user has a French locale).

Each endpoint documents its own unique errors; below, we document
errors common to many endpoints:

{generate_code_example|/rest-error-handling:post|fixture}

To help clients avoid exceeding rate limits, Zulip sets the following
HTTP headers in all API responses:

* `X-RateLimit-Remaining`: The number of additional requests of this
  type that the client can send before exceeding its limit.
* `X-RateLimit-Limit`: The limit that would be applicable to a client
  that had not made any recent requests of this type. This is useful
  for designing a client's burst behavior so as to avoid ever reaching
  a rate limit.
* `X-RateLimit-Reset`: The time at which the client will no longer
  have any rate limits applied to it (and thus could do a burst of
  `X-RateLimit-Limit` requests).

[Zulip's rate limiting rules are configurable][rate-limiting-rules],
and can vary by server and over time. The default configuration
currently limits:

* Every user is limited to 200 total API requests per minute.
* Separate, much lower limits for authentication/login attempts.

When the Zulip server has configured multiple rate limits that apply
to a given request, the values returned will be for the strictest
limit.

[rate-limiting-rules]: https://zulip.readthedocs.io/en/latest/production/security-model.html#rate-limiting
docs: Fix capitalization mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-05-10 07:02:14 +02:00			`# Error handling`
/api: Expand "common errors" page to more generally cover error handling. 2018-04-17 00:42:34 +02:00
api docs: Make minor copyediting changes. 2018-09-26 04:28:29 +02:00			`Zulip's API will always return a JSON format response.`
			`The HTTP status code indicates whether the request was successful`
/api: Expand "common errors" page to more generally cover error handling. 2018-04-17 00:42:34 +02:00			`(200 = success, 40x = user error, 50x = server error). Every response`
			will contain at least two keys: `msg` (a human-readable error message)
			and `result`, which will be either `error` or `success` (this is
			`redundant with the HTTP status code, but is convenient when printing`
			`responses while debugging).`

			For some common errors, Zulip provides a `code` attribute. Where
			present, clients should check `code`, rather than `msg`, when looking
			for specific error conditions, since the `msg` strings are
			`internationalized (e.g. the server will send the error message`
			`translated into French if the user has a French locale).`

			`Each endpoint documents its own unique errors; below, we document`
			`errors common to many endpoints:`

openapi: Render all responses of an operation. Previously, one needed to specifying all the HTTP status codes that we want to render along with the operation, but the primary use case just needs the responses of all the status codes, and not just one. This commit modifies the Markdown extension to render all the responses of all status codes of a specified operation in a loop. 2021-07-13 17:33:43 +02:00			`{generate_code_example\|/rest-error-handling:post\|fixture}`
api docs: Document rate limiting rules. Unfortunately, the example doesn't work due to some sort of bug with the fixture generation system, which I've reported as #19072. 2021-06-30 22:03:22 +02:00
			`To help clients avoid exceeding rate limits, Zulip sets the following`
			`HTTP headers in all API responses:`

			* `X-RateLimit-Remaining`: The number of additional requests of this
			`type that the client can send before exceeding its limit.`
			* `X-RateLimit-Limit`: The limit that would be applicable to a client
			`that had not made any recent requests of this type. This is useful`
			`for designing a client's burst behavior so as to avoid ever reaching`
			`a rate limit.`
			* `X-RateLimit-Reset`: The time at which the client will no longer
			`have any rate limits applied to it (and thus could do a burst of`
			`X-RateLimit-Limit` requests).

api: Link to new rate-limiting configuration documentation. 2022-11-09 03:42:21 +01:00			`[Zulip's rate limiting rules are configurable][rate-limiting-rules],`
			`and can vary by server and over time. The default configuration`
			`currently limits:`
api docs: Document rate limiting rules. Unfortunately, the example doesn't work due to some sort of bug with the fixture generation system, which I've reported as #19072. 2021-06-30 22:03:22 +02:00
			`* Every user is limited to 200 total API requests per minute.`
			`* Separate, much lower limits for authentication/login attempts.`

			`When the Zulip server has configured multiple rate limits that apply`
			`to a given request, the values returned will be for the strictest`
			`limit.`
api: Link to new rate-limiting configuration documentation. 2022-11-09 03:42:21 +01:00
			`[rate-limiting-rules]: https://zulip.readthedocs.io/en/latest/production/security-model.html#rate-limiting`