Skip to main content
The Interstellas API uses the status field in the response envelope to signal success or failure. On error, status is false and message describes the problem.

Error response format

All error responses follow the same envelope as successful ones: 
{
  "status": false,
  "message": "Invalid credentials.",
  "data": null
}
status
boolean
Always false for error responses. Check this field first in your error-handling logic.
message
string
A human-readable description of what went wrong. Use this for logging and debugging — do not drive conditional logic in your application from this string.
data
null
null on all error responses.

HTTP status codes

StatusMeaningCommon cause
200 OKRequest succeeded
201 CreatedResource created
400 Bad RequestInvalid or missing parametersRequired field absent or wrong type
401 UnauthorizedAuthentication failedMissing, expired, or invalid Authorization token or SECRET_KEY
403 ForbiddenInsufficient permissionsToken valid but lacks access to this resource
404 Not FoundResource does not existInvalid ID in the URL path
422 Unprocessable EntityValidation errorField value failed server-side validation
500 Internal Server ErrorUnexpected server errorRetry with exponential backoff

Handling errors in code

const res = await fetch("https://sandbox.stellasbank.com/api/v1/...", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: "Bearer YOUR_ACCESS_TOKEN",
    SECRET_KEY: "YOUR_SECRET_KEY",
    businessId: "YOUR_BUSINESS_ID",
  },
  body: JSON.stringify({ /* request body */ }),
});

const json = await res.json();

if (!json.status) {
  console.error("API error:", json.message);
  return;
}

// Safe to use json.data here
Always check json.status (the field in the response body) in addition to the HTTP status code. Some error conditions may return 200 with status: false.

Authentication errors

If you receive 401 Unauthorized, verify that:
  1. The Authorization header is present and formatted as Bearer YOUR_ACCESS_TOKEN.
  2. The SECRET_KEY header is present and matches your account’s secret key.
  3. The businessId header is present and valid.
  4. Your access token has not expired — re-authenticate via POST /auth/signin if needed.
See Authentication for a full credential reference.