Errors
Shape
{
"error": {
"code": "ATTENDANCE_LOCKED",
"message": "April 2026 is locked for this unit. Contact SuperAdmin to unlock.",
"details": {
"unit_id": 12,
"month": "2026-04"
}
}
}
HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success. |
| 201 | Created. |
| 204 | No Content (e.g. logout). |
| 400 | Bad request / validation. |
| 401 | Missing or invalid token. |
| 403 | Authenticated but not allowed. |
| 404 | Resource not found / not in scope. |
| 409 | Conflict (e.g. overlapping shift). |
| 422 | Validation error with field details. |
| 423 | Locked (device not approved, attendance month locked). |
| 429 | Rate limited. |
| 500 | Server error. |
Common Error Codes
| Code | When |
|---|---|
VALIDATION_FAILED | 422 — input didn't match rules. |
UNAUTHENTICATED | 401. |
FORBIDDEN | 403 — role or scope check failed. |
SHIFT_NOT_ASSIGNED | 400 — employee punched on a date with no shift. |
SHIFT_WINDOW_VIOLATION | 400 — punched outside earliest/latest window. |
DEVICE_NOT_APPROVED | 423 — device binding in effect. |
GEO_VIOLATION_BLOCKED | 400 — geo policy is block. |
ATTENDANCE_LOCKED | 423 — month is locked. |
APPROVAL_REQUIRED | 202 — accepted but awaiting approval. |
RATE_LIMITED | 429. |
IDEMPOTENCY_REUSE | 200 — previous response replayed. |