Skip to main content

Error Response Format

All errors return a JSON body with at minimum a message field: 
{
  "message": "Threshold exceeds company limit",
  "code": "B013"
}
Some endpoints return additional context in a details array or an error string field depending on the API version.

HTTP Status Codes

CodeMeaningWhat to do
200Success
400Bad request — invalid parameters or missing required fieldsFix the request body or query parameters before retrying
401Unauthorized — missing, expired, or invalid Bearer tokenRefresh your token and retry
403Forbidden — valid token but insufficient permissionsCheck the user role (requires Administrator or the relevant scope)
404Not found — resource does not existVerify the UUID or path parameter
422Unprocessable entity — request is well-formed but fails business validationCheck the code field for the specific Clara error code
429Rate limit exceededBack off and retry with exponential backoff (see Rate Limits)
500Internal server errorRetry once after a short delay; if persistent, contact support
511Network authentication requiredYour mTLS certificate is missing or not being sent — check your client cert configuration

Response body examples by status code

400 — Bad request (invalid parameter) 
{
  "code": "VALIDATION_ERROR",
  "message": "Invalid date format: startDate must be YYYY-MM-DD",
  "timestamp": "2024-03-15T10:30:00Z"
}
401 — Unauthorized (expired token) 
{
  "code": "UNAUTHORIZED",
  "message": "Unauthorized",
  "timestamp": "2024-03-15T10:30:00Z"
}
403 — Forbidden (insufficient role) 
{
  "code": "FORBIDDEN",
  "message": "Access denied: insufficient permissions for this resource",
  "timestamp": "2024-03-15T10:30:00Z"
}
404 — Not found 
{
  "code": "NOT_FOUND",
  "message": "Card with UUID '1614c41b-8eb4-4573-9262-8aff011224c5' not found",
  "timestamp": "2024-03-15T10:30:00Z"
}
422 — Business validation failure 
{
  "code": "B013",
  "message": "Threshold exceeds company limit",
  "timestamp": "2024-03-15T10:30:00Z"
}
500 — Internal server error 
{
  "code": "B033",
  "message": "Core service failure",
  "timestamp": "2024-03-15T10:30:00Z"
}

Auth Errors (401 / 403)

401 — Token expired

Tokens have a finite lifetime (expires_in seconds). When one expires, every request returns 401. 
{ "message": "Unauthorized" }
Fix: Request a new token from /oauth/token and retry. In production, refresh proactively before expiry rather than waiting for a 401.

401 — Missing certificate

If the mTLS handshake fails because no client certificate is presented: 
{ "message": "Unauthorized" }
Fix: Ensure --cert and --key are included in every request. See Troubleshooting for certificate debugging steps.

403 — Insufficient role

A valid token from a user role that doesn’t have access to the endpoint. Fix: Confirm the API user has the COMPANY_OWNER or required role. Role requirements vary by endpoint.

Business Error Codes

Clara API returns business-specific error codes for validation failures. These appear in the code or message field of the response body.

Cards

CodeMessageCauseFix
B013Threshold exceeds company limitThe card threshold exceeds the company’s available credit lineSet a lower threshold or contact your Clara account team to review credit limits
B022User is not activatedThe target user hasn’t completed email verification or 2FA setup, or the user has been deletedVerify the user is active in the Clara platform before issuing a card
B033Core service failureInternal processing failureRetry after a short delay; if persistent, contact integration support
This user already has a card in the creation queue. Try again in 2 minutesConcurrent card creation for the same user is not allowedWait for the in-progress creation to complete or timeout (~2 min) before retrying

Users

ScenarioStatusCause
Tax ID format invalid400Tax ID must match country format: MX = 11 or 13 chars, BR = 11 digits, CO = 7–10 digits
Duplicate email400A user with that email already exists in the company

Transactions / Filtering

ScenarioStatusCause
Invalid date format400Dates must be YYYY-MM-DD. Use ISO 8601 — no slashes or other separators
startDate > endDate400Date range is invalid — start must be ≤ end

Digital Account (Brazil)

ScenarioStatusCause
Invalid transactionTypeName400Must be one of: PIX, TED, BILL, TRANSACTION
Invalid date format400Must be YYYY-MM-DD
startDate > endDate400Start date must be ≤ end date

Rate Limits

Requests are rate-limited per client certificate across all endpoints. Limits are applied separately to read (GET) and write (POST, PATCH, DELETE) operations — write endpoints have lower limits. When you exceed the limit, the API returns 429 Too Many Requests: 
{ "message": "Too Many Requests" }
Retry strategy: Use exponential backoff with jitter. A safe starting point: 
import time, random

def request_with_retry(fn, max_retries=4):
    for attempt in range(max_retries):
        response = fn()
        if response.status_code != 429:
            return response
        wait = (2 ** attempt) + random.uniform(0, 1)
        time.sleep(wait)
    raise Exception("Rate limit exceeded after retries")
For sustained high-volume use cases, contact your Clara integration team to discuss limit increases.

Retry Guidance

StatusRetry?Notes
400NoFix the request first
401Yes — after refreshRefresh token, then retry once
403NoPermission issue — retrying won’t help
404NoResource doesn’t exist
429Yes — with backoffWait before retrying
500Yes — onceRetry after 2–5 seconds; escalate if persistent
511NoCertificate configuration issue

Support Contacts

If you encounter persistent errors not covered here:
CountryIntegration Support
Mexicointegration.support.mx@clara.team
Brazilintegration.support.br@clara.team
Colombiaintegration.support.co@clara.team