Skip to main content

Common issues

401 Unauthorized

This occurs when the Authorization header is missing or malformed. Verify the header name and that the key begins with orbit_.
  • Ensure the header is Authorization (capitalized) and not authorization in some HTTP clients.
  • Rotate keys if they were committed or leaked.
  • If you are using a proxy, check that headers are forwarded to the API gateway.

400 Bad Request (validation fail)

Validation errors return a message describing the missing field. Always inspect the JSON response for details.
  1. Re-check required JSON fields against the endpoint documentation (see each /api-references/endpoints/ page).
  2. Validate limit/page bounds to stay within [1, 100].
  3. When creating objects, include only documented fields—extra attributes are rejected.

429 Too Many Requests

Rate limit is 100 requests per minute per API key.
  • Cache GET responses, especially for workspace info and member lists.
  • Use exponential backoff: wait 1s, 2s, 4s before retrying.
  • Consider generating a second key for read-heavy integrations.

500 Internal Server Error

  • Retry once after a short delay; if the issue persists, report it via Discord or GitHub.
  • Log request IDs (returned in X-Request-ID headers) and include them when asking for help.

Deployment checklist

  • Verify SESSION_SECRET and DATABASE_URL environment variables are set before building.
  • Run prisma db push after schema changes to avoid migration mismatches.
  • Ensure your hosting region matches the workspace region to reduce latency.