Skip to main content

Errors & rate limits

Errors are JSON with a stable machine code and a human explanation:

{ "error": "BAD_CHECK_DIGIT", "detail": "not a valid ADAS code" }

Error codes

HTTPerrorMeaning
400EMPTY / BAD_CHARSET / BAD_STRUCTURE / BAD_LENGTHinput is not a well-formed code
400BAD_CHECK_DIGITwell-formed but a digit is wrong — re-ask the human, don't retry
400BAD_PHONEphone not E.164
401BAD_CREDENTIALSwrong phone/password, or invalid/revoked key
404NOT_FOUNDvalid code, but nothing registered under it
409PHONE_TAKENaccount already exists — log in instead
422OUTSIDE_COVERAGEcoordinate is not inside any active country's zones
503OTP_DISABLEDphone verification not yet available

The distinction between BAD_CHECK_DIGIT (400) and NOT_FOUND (404) matters operationally: a 400 means the code was miscommunicated — prompt the user to re-read it; a 404 means the code was never issued or was deactivated.

Rate limits

ScopeDefault
Address resolution120/min per client
Auth endpoints15/min per IP
OTP requests10/hour per IP

Throttled requests return 429 with a Retry-After header. Higher limits come with partner agreements — hello@adas.africa.