Atlas CMS

Error Handling

The response envelope, HTTP status codes, and how to handle errors from the Public API.

Error Handling

Every Atlas Public API response — success or error — is returned as JSON wrapped in a consistent envelope.

Response Envelope

FieldTypePresent whenDescription
successbooleanAlwaystrue for successful requests, false for errors.
messagestringAlwaysHuman-readable summary of the result.
dataanySuccess onlyThe payload (object or array).
metaobjectList endpointsPagination info (total, page, limit, next_cursor).
codestringErrors onlyMachine-readable error code (e.g. UNAUTHORIZED).
errorsobjectValidation errorsField-level detail (e.g. { "type": ["required"] }).
traceIdstringErrors onlyRequest trace ID — include this when reporting an issue.

HTTP Status Codes

CodeMeaning
200OK — request succeeded.
400Bad Request — malformed parameters (e.g. invalid cursor, page out of range).
401Unauthorized — X-API-Key header is missing or empty.
403Forbidden — key is valid but does not have access to the requested resource.
404Not Found — entry, page, or media file does not exist, or belongs to a different workspace.
429Too Many Requests — rate limit exceeded; back off and retry.
500Internal Server Error — something went wrong on Atlas's side.

Example Responses

200 — Success
{
  "success": true,
  "message": "Success",
  "data": { "slug": "getting-started-with-headless-cms", "status": "published" }
}
401 — Missing API key
{
  "success": false,
  "message": "missing X-API-Key header",
  "code": "UNAUTHORIZED",
  "traceId": "req_a1b2c3d4"
}
403 — Key has no access to this content type
{
  "success": false,
  "message": "Access to this content type is not allowed for this API key",
  "code": "FORBIDDEN",
  "traceId": "req_e5f6g7h8"
}
404 — Entry not found
{
  "success": false,
  "message": "entry not found",
  "code": "NOT_FOUND",
  "traceId": "req_i9j0k1l2"
}

Handling Tips

  • Check success first — don't parse data before confirming the request succeeded.
  • On 401 — verify the X-API-Key header is present and correct. Rotate the key from the dashboard if you believe it has been compromised.
  • On 403 — the key exists but lacks access to this content type. Check the key's scope in the dashboard (Settings → API Keys).
  • On 429 — respect the rate limit with an exponential-backoff retry strategy.
  • Log the traceId from error responses to speed up debugging and support requests.

On this page