Skip to content
Thesma docs

Errors

Every error — from auth failures to validation errors to 429s — follows the same JSON shape. Client code can pattern-match on error_code rather than parsing HTTP status alone.

Canonical shape

Section titled “Canonical shape”
{
  "error": "short_error_slug",
  "error_code": "specific_machine_readable_code",
  "message": "Human-readable description of what went wrong.",
  "details": {
    "field": "optional, present on validation errors"
  }
}
  • error — short category slug (unauthorized, not_found, validation_error, rate_limit_exceeded, server_error).
  • error_code — machine-readable code for programmatic handling. Stable across versions.
  • message — human-readable description. Safe to show to developers; not intended for end users.
  • details — optional context. Present on validation errors (offending field, received value) and rate-limit errors (limit, reset time).

Status codes

Section titled “Status codes”
StatusCategoryCommon causes
400Validation errorInvalid query parameter, malformed date, unknown ticker, per_page out of range
401UnauthorizedMissing API key, invalid key, revoked key
403ForbiddenAccount suspended, key disabled
404Not foundNo data for the requested ticker / CBSA / FIPS / industry code
422Unprocessable entitySemantic validation failure (e.g., date range outside covered period)
429Rate limitedDaily or burst cap exceeded — see Rate limits
500Server errorSomething broke on our side. Transient — retry with backoff. Report persistent 500s to support@thesma.dev with the response body.
503Service unavailableUpstream data source (SEC, Census, BLS, SBA) is temporarily unreachable. Transient.

Common error_code values

Section titled “Common error_code values”

Auth (401 / 403)

Section titled “Auth (401 / 403)”
error_codeFix
missing_api_keyPass the key via X-API-Key or Authorization: Bearer header
invalid_api_keyKey does not exist or has been revoked. Generate a new key in the portal.
account_suspendedContact support — account is suspended

Validation (400 / 422)

Section titled “Validation (400 / 422)”
error_codeFix
invalid_parameterCheck the details.field — parameter value is malformed or out of range
unknown_tickerTicker not in the SEC EDGAR universe. See SEC EDGAR coverage.
unknown_cbsaCBSA code not recognised. See US Census coverage.
date_out_of_rangeRequested date is outside the dataset’s covered period

Rate limits (429)

Section titled “Rate limits (429)”
error_codeFix
daily_limit_exceededWait until midnight UTC or upgrade tier. See Rate limits.
burst_limit_exceededWait 1 second and retry. Usually means you’re paginating too fast.

Server (500 / 503)

Section titled “Server (500 / 503)”
error_codeFix
internal_errorRetry with exponential backoff. Report persistent cases.
upstream_unavailableUpstream data source is down. Retry later.

Error envelope, always

Section titled “Error envelope, always”

Even on 500s the response is JSON with the above shape — the API never returns a bare HTML error page. If you get one, it’s from a layer in front of the API (your proxy, a load balancer, a caching CDN) and worth investigating there.

Retries

Section titled “Retries”
  • 4xx are your problem — don’t retry unless the cause is transient (e.g., 429).
  • 5xx are our problem — retry with exponential backoff (the Python SDK does this automatically).
  • 429 — respect Retry-After and retry after the specified number of seconds.