Error model
Each per-endpoint Errors section lists the status codes and causes for that endpoint. This page covers the response shape — what the response body looks like across the API.
Status codes
| Status | Meaning |
|---|---|
| 400 Bad Request | The request failed schema validation, or the handler rejected it (missing user_key, validation rule failure, malformed input). |
| 401 Unauthorized | The bearer token is missing or invalid, or user_key does not match a known agency. |
| 403 Forbidden | The agency is not authorized for the requested market or currency combination. |
| 404 Not Found | The resource — typically a booking session — does not exist or has expired. |
| 409 Conflict | The session state does not permit the call (e.g. attempting to confirm a session that has no held booking, or creating a held booking on a session that already has one). |
| 500 Internal Server Error | Something went wrong on the server. Retry the call; if the error persists, report the CorrelationId from the response body. |
Response body shapes
The response body shape varies by status code. None of these wrap the payload in a top-level error envelope; the body is the value itself.
Validation errors (400)
Schema validation failures return a JSON object keyed by request property. Each value is an array of error messages for that property.
{
"Cabins": [
"Cabins must not be empty.",
"Total number of guests must not exceed 9."
],
"Date": [
"'Date' must not be empty."
]
}
Property keys match request-body field names (PascalCase). Field-specific causes are listed under each endpoint's Validation rules.
Handler-rejected requests (400, 404, 409)
When a handler rejects a request (missing user_key, business-rule failure, missing or expired session, session state conflict), the body is a plain-text string explaining the cause.
Session expired or invalid.
Booking session is not of type voyage-only.
These are short, fixed messages; partners should branch on the status code and the per-endpoint Cause column rather than parsing the body text.
Authorization errors (401, 403)
401 responses have no body. 403 responses have a plain-text message.
Server errors (500)
Unhandled server errors return application/problem+json with a fixed shape:
{
"Status": 500,
"Title": "An unexpected error occurred.",
"Detail": "An unexpected error occurred while processing your request. Please try again later.",
"CorrelationId": "8c2f3b2d-1d6f-4f3a-9c5d-3a7b1e6f4b2d"
}
Include CorrelationId when contacting support — it ties the failed request to the server-side log entry.
CorrelationId is server-generated; client-supplied X-Correlation-ID request headers are not echoed back to the response and should not be relied on.