Error Codes
Comprehensive reference for all error codes returned by the Texture REST API
Error Response Structure
All error responses from the Texture REST API return a JSON body with at minimum a code and message field:
{
"code": "ERROR_CODE",
"message": "Human-readable description of the error"
}| Field | Type | Description |
|---|---|---|
code | string | Machine-readable error code. Use this for programmatic error handling. |
message | string | Human-readable description. Use for logging — do not parse for control flow, as wording may change. |
Additional Fields
Some error responses include extra fields alongside code and message:
| Field | Type | When Present | Description |
|---|---|---|---|
details | object | Validation errors | Contains field-level error information |
mismatchedFields | string[] | PARAMETER_MISMATCH only | Lists which fields differ from the existing resource |
retryAfter | number | RATE_LIMITED only | Seconds until rate limit window resets (also in Retry-After header) |
Example: Standard Error
{
"code": "DEVICE_NOT_FOUND",
"message": "The specified device does not exist"
}Example: Validation Error with Details
{
"code": "VALIDATION_ERROR",
"message": "The request body failed validation",
"details": {
"serialNumber": "Serial number is required",
"capacity": "Must be a positive number"
}
}Example: Rate Limit Error
{
"code": "RATE_LIMITED",
"message": "Rate limit exceeded. Try again later.",
"retryAfter": 42
}Example: Conflict with Mismatched Fields
{
"code": "PARAMETER_MISMATCH",
"message": "A device with this manufacturer device ID already exists with different parameters",
"mismatchedFields": ["serialNumber", "name"]
}Authentication Errors (401)
Returned when the API cannot verify the caller's identity.
| Error Code | Description | What to Do |
|---|---|---|
UNAUTHENTICATED | Missing, invalid, expired, or revoked API key | Verify your API key is included, correctly formatted, and active. Generate a new key in the Dashboard if needed. |
Common causes
- Missing
Texture-Api-Keyheader - Malformed API key value
- API key has been revoked or expired
- Using the wrong API key type for the endpoint (e.g., using a Management key on an OEM endpoint that requires a Manufacturer key)
Do not retry. Fix the API key and re-send.
Authorization Errors (403)
Returned when the API key is valid but lacks permission for the requested operation.
| Error Code | Description | What to Do |
|---|---|---|
FORBIDDEN | Insufficient permissions for this resource or action | Verify the key's scopes include the resource type and operation you're attempting |
DEVICE_MODEL_MANUFACTURER_MISMATCH | The device model belongs to a different manufacturer than your API key | Confirm your Manufacturer API key matches the device model's manufacturer |
DEVICE_NOT_OEM_DIRECT | The device was not provisioned via OEM Direct | Only OEM Direct devices can receive telemetry via POST /devices/:id/telemetry |
MANUFACTURER_NOT_ALLOWED | The device's manufacturer is not in your API key's scope | Check that your Manufacturer API key is scoped to the correct manufacturer |
Do not retry. Adjust your API key permissions or correct the request.
Validation Errors (400)
Returned when the request data is invalid or the operation cannot be performed given the resource's current state.
| Error Code | Description | What to Do |
|---|---|---|
VALIDATION_ERROR | Required fields missing or invalid. The details field lists specific field errors. | Read the details object, fix the indicated fields, and retry |
INVALID_LOCATION | The provided address or coordinates could not be resolved to a valid location | Verify the address is correctly formatted and geocodable |
INVALID_STATE | The operation is not valid for the resource's current state | Check the resource's current state; some operations are only valid in certain lifecycle stages |
INVALID_STATUS | The requested status transition is not allowed | Consult the API docs for valid status transitions |
INVALID_CRITERIA | The filter or query criteria are malformed | Check filter syntax and supported operators |
CUSTOMER_NOT_CONNECTED_TO_SITE | The customer is not associated with the specified site | Verify the customer-site relationship before performing this operation |
DELETION_PROTECTION_ENABLED | Workspace has deletion protection enabled | Disable deletion protection before retrying |
SITE_ALREADY_EXISTS | A site with this address already exists in the workspace | Use the existing site or provide a different address |
DUPLICATE_NAME | A resource with this name already exists in the same scope | Choose a different name |
DEVICE_MODEL_NOT_FOUND | The specified deviceModelId does not match any known device model | Verify the device model ID; use the device models endpoint to list available models |
Do not retry without modifying the request. Read the message and details fields to identify what needs to change.
Resource Not Found Errors (404)
Returned when the specified resource does not exist or is not accessible with your current API key.
| Error Code | Description |
|---|---|
NOT_FOUND | The requested resource does not exist |
CUSTOMER_NOT_FOUND | The specified customer ID does not exist |
DEVICE_NOT_FOUND | The specified device ID does not exist |
SITE_NOT_FOUND | The specified site ID does not exist |
SITE_NOT_IN_WORKSPACE | The site exists but is not accessible from your current workspace scope |
APIKEY_NOT_FOUND | The specified API key ID does not exist |
WORKSPACE_NOT_FOUND | The specified workspace ID does not exist |
SCHEDULE_NOT_FOUND | The specified schedule ID does not exist |
DEVICE_NOT_ASSOCIATED | The device exists but is not associated with any workspace |
COLLECTION_NOT_FOUND | The specified collection ID does not exist |
Verify the resource ID is correct. The resource may have been deleted, or your API key may not have access to the workspace that contains it.
Conflict Errors (409)
Returned when the request conflicts with the current state of an existing resource.
| Error Code | Description | What to Do |
|---|---|---|
DUPLICATE_CONNECTION | A connection with these parameters already exists | Use the existing connection instead of creating a duplicate |
PARAMETER_MISMATCH | A device with the same manufacturerDeviceId exists with different attribute values | Either update the existing device or correct the conflicting fields in your request |
Handling PARAMETER_MISMATCH
This error is specific to OEM device creation (POST /devices). When you create a device and one with the same manufacturerDeviceId already exists, the API compares fields. If they all match, the call succeeds idempotently. If any fields differ, you receive PARAMETER_MISMATCH with a mismatchedFields array listing the differing fields.
Rate Limit Errors (429)
Returned when the caller exceeds the API's request rate limits.
Rate Limit Response Headers
| Header | Type | Description |
|---|---|---|
X-RateLimit-Limit | number | Maximum requests allowed per window |
X-RateLimit-Remaining | number | Requests remaining in the current window |
X-RateLimit-Reset | number | Unix timestamp (seconds) when the window resets |
Retry-After | number | Seconds until you can retry |
Rate Limits by Operation Type
| Operation Type | Limit |
|---|---|
| Read operations (GET) | 300 requests/minute |
| Write operations (POST, PATCH, PUT, DELETE) | 60 requests/minute |
Rate limits are applied per API key. Wait for the number of seconds in Retry-After, then retry. For sustained rate limiting, implement exponential backoff.
Server Errors (500, 502)
Returned when an unexpected error occurs on the server side. These are never caused by your request data.
| HTTP Status | Error Code | Description |
|---|---|---|
| 500 | UNKNOWN_ERROR | An unexpected error occurred while processing the request |
| 500 | LOCATION_SERVICE_ERROR | The address validation service is temporarily unavailable |
| 502 | SERVICE_UNAVAILABLE | A dependent service is temporarily unreachable |
Retry with exponential backoff (1s → 2s → 4s). After 3–5 retries, stop and contact Texture support.
OEM Device Integration Errors
Quick reference for OEM Direct Integration endpoints.
Device Creation — POST /devices
| Error Code | HTTP | Description | What to Do |
|---|---|---|---|
VALIDATION_ERROR | 400 | Required fields missing or invalid | Check details for field-level errors |
DEVICE_MODEL_NOT_FOUND | 400 | The deviceModelId does not match any known model | Verify the device model ID |
SITE_NOT_FOUND | 404 | The specified siteId does not exist | Verify the site ID |
DEVICE_MODEL_MANUFACTURER_MISMATCH | 403 | The device model belongs to a different manufacturer | Use a model belonging to your manufacturer |
PARAMETER_MISMATCH | 409 | Device with same manufacturerDeviceId exists with different attributes | See Conflict Errors section |
Idempotency
If you create a device with a manufacturerDeviceId that already exists and all fields match, the request succeeds and returns the existing device. This allows safe retries.
Telemetry Push — POST /devices//telemetry
| Error Code | HTTP | Description | What to Do |
|---|---|---|---|
DEVICE_NOT_FOUND | 404 | The device ID does not exist | Verify the device ID |
DEVICE_NOT_OEM_DIRECT | 403 | The device was not provisioned via OEM Direct | This endpoint only accepts telemetry for OEM Direct devices |
MANUFACTURER_NOT_ALLOWED | 403 | The device's manufacturer is not in your API key's scope | Verify your Manufacturer API key scope |
DEVICE_NOT_ASSOCIATED | 404 | The device is not associated with any workspace | Device must be associated with a workspace before telemetry can be ingested |
VALIDATION_ERROR | 400 | The telemetry payload is invalid or missing required fields | Check details for field-level errors |
HTTP Status Code Quick Reference
| Status | Meaning | Retryable? | Action |
|---|---|---|---|
| 400 | Bad Request | No | Fix request data per code, message, and details |
| 401 | Unauthenticated | No | Fix or replace API key |
| 403 | Forbidden | No | Check API key scopes and permissions |
| 404 | Not Found | No* | Verify resource ID and workspace access |
| 409 | Conflict | No | Resolve the conflict per the error details |
| 429 | Too Many Requests | Yes | Wait for Retry-After, then retry |
| 500 | Internal Server Error | Yes | Retry with exponential backoff |
| 502 | Service Unavailable | Yes | Retry with exponential backoff |
* 404 may be retryable if the resource was very recently created (eventual consistency). A single retry after 1–2 seconds is reasonable.
Best Practices for Error Handling
- Branch on HTTP status code first. Use the status code to determine the error category, then inspect
codefor specifics. - Use
codefor programmatic handling. Thecodefield is stable and machine-readable. Map code values to specific handling logic in your client. - Use
messagefor logging only. Themessagefield is human-readable and may change without notice. Do not parse it for control flow. - Retry only retryable errors. Only 429, 500, and 502 responses should be retried. All other status codes indicate a problem with the request itself.
- Respect
Retry-After. When present, always honor theRetry-Afterheader before retrying. - Implement exponential backoff for server errors. Start at 1 second and double on each retry, up to a maximum of 3–5 attempts.
- Log the full error response. Always log
code,message, and any additional fields (details,mismatchedFields) for debugging. - Handle
PARAMETER_MISMATCHexplicitly in your device provisioning flow. This is an expected response when re-provisioning devices and should be handled as a recoverable conflict, not a generic error. - Monitor rate limit headers proactively. Check
X-RateLimit-Remainingon successful responses to throttle your request rate before hitting 429.