Error Codes

Complete reference of all error codes returned by the Slotty Labs API.

Operator-Facing Errors (80xxx)

These errors are returned to operator backends when making API calls.

| Code | HTTP Status | Description |
| --- | --- | --- |
| 80001 | 401 | Invalid API Key — The API key is missing, malformed, or revoked |
| 80002 | 401 | Invalid Signature — HMAC signature verification failed |
| 80003 | 429 | Rate Limited — Too many requests; check Retry-After header |
| 80004 | 400 | Invalid Request — Request body validation failed |
| 80005 | 403 | Forbidden — API key does not have permission for this action |
| 80006 | 404 | Resource Not Found — The requested resource does not exist |
| 80007 | 409 | Conflict — Resource already exists or state conflict |
| 80008 | 402 | Insufficient Balance — Player does not have enough balance |
| 80009 | 503 | Service Unavailable — Platform is temporarily unavailable |
| 80010 | 404 | Player Not Found — No player found with the given ID |
| 80011 | 400 | Invalid Currency — Currency code is not supported |

Example Error Response

json
{
  "success": false,
  "error": {
    "code": "80001",
    "message": "Invalid API key",
    "details": {
      "hint": "Ensure you are using the correct environment key (sandbox vs production)"
    }
  },
  "requestId": "req_abc123"
}

Game Engine Errors

These errors occur during game play, typically returned via WebSocket.

| Code | Description |
| --- | --- |
| 30007 | Insufficient Balance — Player cannot afford the bet amount |
| 30601 | Round Not Found — No active round for this player/game |
| 30602 | Invalid Action — The action is not valid for the current game state |
| 30603 | Round Already Complete — Attempting to act on a finished round |
| 30021 | Game Not Available — Game is disabled or under maintenance |

Example WebSocket Error

json
{
  "type": "error",
  "payload": {
    "code": "30007",
    "message": "Insufficient balance",
    "details": {
      "required": 20.00,
      "available": 15.50,
      "currency": "USD"
    }
  },
  "requestId": "req-001",
  "timestamp": 1719849600000
}

SSO Errors

These errors are specific to the SSO authentication flow.

| Code | HTTP Status | Description |
| --- | --- | --- |
| SSO_INVALID_SIGNATURE | 401 | HMAC signature on the SSO token creation request is invalid. Check your webhook secret and signing algorithm. |
| SSO_TOKEN_ALREADY_USED | 409 | The SSO launch token has already been exchanged for a session. Tokens are single-use; create a new one. |

SSO_INVALID_SIGNATURE

json
{
  "success": false,
  "error": {
    "code": "SSO_INVALID_SIGNATURE",
    "message": "HMAC signature verification failed",
    "details": {
      "hint": "Verify the signing payload format: timestamp.METHOD.path.body"
    }
  },
  "requestId": "req_xyz789"
}

SSO_TOKEN_ALREADY_USED

json
{
  "success": false,
  "error": {
    "code": "SSO_TOKEN_ALREADY_USED",
    "message": "This SSO token has already been exchanged",
    "details": {
      "jti": "tok_abc123",
      "exchangedAt": "2026-01-15T10:30:00.000Z"
    }
  },
  "requestId": "req_def456"
}

Error Handling Best Practices

Retry Logic

| Error Code | Retryable | Strategy |
| --- | --- | --- |
| 80003 (Rate Limited) | | Wait for Retry-After header value |
| 80009 (Service Unavailable) | | Exponential backoff (1s, 2s, 4s, 8s, max 30s) |
| 30007 (Insufficient Balance) | | Prompt player to deposit |
| 80001 (Invalid API Key) | | Check configuration |
| 80002 (Invalid Signature) | | Check signing implementation |
| All other codes | | Log and investigate |

SDK Error Handling

typescript
import { SlottyClient, SlottyApiError } from '@slottylabs/sdk';

const client = new SlottyClient({ apiKey: 'sk_sandbox_...' });

// Promise-based delay helper used for the retry wait below
const sleep = (ms: number) => new Promise<void>((resolve) => setTimeout(resolve, ms));

try {
  await client.auth.createSSOToken({ /* ... */ });
} catch (err) {
  if (err instanceof SlottyApiError) {
    // Structured API error
    console.error(`Error ${err.code}: ${err.message}`);
    console.error(`Request ID: ${err.requestId}`);

    if (err.code === '80003') {
      // Rate limited — retry after delay
      const retryAfter = err.body?.retryAfter ?? 60;
      await sleep(retryAfter * 1000);
      // Retry the request...
    }
  } else {
    // Network error, timeout, etc. (err is not guaranteed to be an Error)
    console.error('Network error:', err instanceof Error ? err.message : err);
  }
}
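
One way to combine the retry table and the SDK snippet above into a single policy, as an added example that is not Slotty Labs SDK code. `ApiError`, `nextDelayMs`, `callWithRetry`, the shape of the `retryAfter` field and the 5-minute cap on server-supplied waits are assumptions; codes the table does not mark for retry (including 80001 and 80002) are rethrown immediately so a misconfigured key or signer is not resent in a loop.

```typescript
// Added example. ApiError, nextDelayMs and callWithRetry are hypothetical names,
// not part of @slottylabs/sdk.
interface ApiError { code: string; retryAfter?: string | number }

const BACKOFF_MAX_MS = 30000;      // "max 30s" from the retry table
const RETRY_AFTER_CAP_MS = 300000; // assumption: never wait more than 5 min on a server hint

// Retry-After may be delta-seconds or an HTTP-date; returns ms, or null if unusable.
function parseRetryAfter(value: string | number | undefined, now: number): number | null {
  if (value === undefined) return null;
  const text = String(value).trim();
  if (/^\d+$/.test(text)) return Number(text) * 1000;
  const when = Date.parse(text);
  return isNaN(when) ? null : Math.max(0, when - now);
}

// Delay before retry number `attempt` (0-based), or null if the error is not retryable.
function nextDelayMs(err: ApiError, attempt: number, now: number = Date.now()): number | null {
  const backoff = Math.min(1000 * Math.pow(2, attempt), BACKOFF_MAX_MS); // 1s, 2s, 4s, 8s...
  switch (err.code) {
    case '80003': // Rate Limited: honor the hint, fall back to backoff if it is missing
      return Math.min(parseRetryAfter(err.retryAfter, now) ?? backoff, RETRY_AFTER_CAP_MS);
    case '80009': // Service Unavailable
      return backoff;
    default:      // 80001, 80002, 30007, SSO_* and unknown codes: resending cannot succeed
      return null;
  }
}

// Runs fn, retrying only retryable codes; `sleep` is injectable so tests do not wait.
async function callWithRetry<T>(
  fn: () => Promise<T>,
  maxAttempts: number = 5,
  sleep: (ms: number) => Promise<void> = (ms) => new Promise<void>((r) => setTimeout(r, ms)),
): Promise<T> {
  for (let attempt = 0; ; attempt++) {
    try {
      return await fn();
    } catch (e) {
      const err = e as ApiError | null | undefined;
      const delay = err && typeof err.code === 'string' ? nextDelayMs(err, attempt) : null;
      if (delay === null || attempt + 1 >= maxAttempts) throw e; // surface for logging
      await sleep(delay);
    }
  }
}
```

Log the `requestId` of whatever `callWithRetry` finally throws; a run of 80002 or `SSO_INVALID_SIGNATURE` responses points at the signing code or secret, not at load.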

HTTP Status Code Summary

| Status | Meaning | Common Causes |
| --- | --- | --- |
| 200 | Success | Request processed successfully |
| 201 | Created | Resource created (e.g., player, webhook) |
| 400 | Bad Request | Invalid request body or parameters |
| 401 | Unauthorized | Invalid or missing API key / signature |
| 402 | Payment Required | Insufficient balance |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource does not exist |
| 409 | Conflict | Duplicate resource or state conflict |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Unexpected server error (contact support) |
| 503 | Service Unavailable | Temporary maintenance or overload |