Errors and security

Omdaa API uses standard HTTP status codes together with a consistent JSON response body that includes success, message and data fields.

Response format

{
  "success": false,
  "message": "Error description",
  "data": null
}

Common error cases

  • 400 invalid request body or missing fields.
  • 401 missing or invalid authentication token.
  • 403 insufficient permissions for the current account.
  • 404 endpoint not found or resource missing.
  • 429 too many requests in a short period of time.
  • 500 unexpected server-side error.

Security best practices

  • Store JWT tokens and API keys securely and never expose them.
  • Restrict API keys to specific environments or IP ranges.
  • Rotate keys regularly and revoke unused credentials.
  • Verify webhook signatures before processing webhook payloads.