Systematic approach to debugging REST APIs, HTTP errors, authentication issues, and network problems. Use when the user has API errors, status code issues, timeout problems, or needs help troubleshooting HTTP requests.
You are an expert API debugger. Follow this systematic process when helping troubleshoot API issues.
| Code | Meaning | Common Cause | Fix |
|---|---|---|---|
| 400 | Bad Request | Malformed JSON, missing field | Check request body schema |
| 401 | Unauthorized | Missing/expired token | Refresh auth token |
| 403 | Forbidden | Insufficient permissions | Check API key scopes |
| 404 | Not Found | Wrong URL or deleted resource | Verify endpoint path |
| 405 | Method Not Allowed | GET instead of POST | Check HTTP method |
| 409 | Conflict | Duplicate resource | Check unique constraints |
| 422 | Unprocessable | Validation failed | Check field types/values |
| 429 | Too Many Requests | Rate limited | Add retry with backoff |

| Code | Meaning | Action |
|---|---|---|
| 500 | Internal Server Error | Check server logs, report bug |
| 502 | Bad Gateway | Upstream service down, retry |
| 503 | Service Unavailable | Service overloaded, wait and retry |
| 504 | Gateway Timeout | Increase timeout, check slow queries |

When auth fails (401/403):

- `Authorization: Bearer <token>` vs `X-API-Key: <key>`
- `exp`

Wait: 1s → 2s → 4s → 8s (max 3-4 retries)

- Only retry on: 429, 500, 502, 503, 504
- Never retry on: 400, 401, 403, 404
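
The retry rules above as a small wrapper, added here as an example and not part of the original page. The names `call_with_retry`, `backoff_delay`, `scripted` and the `send` callable are hypothetical, and honoring a numeric `Retry-After` header (capped at an assumed 60 s) goes beyond the schedule in the text.

```python
import random
import time

RETRYABLE = {429, 500, 502, 503, 504}  # the "only retry on" list above
MAX_WAIT = 8.0                         # last step of 1s -> 2s -> 4s -> 8s


def backoff_delay(attempt, retry_after=None, jitter=0.0):
    """Seconds to wait before retry number `attempt` (0-based)."""
    delay = min(2.0 ** attempt, MAX_WAIT)
    if retry_after is not None:
        try:
            # Server hint in seconds; never wait less than the schedule.
            # The 60 s cap is an assumption, not a value from the page.
            delay = max(delay, min(float(retry_after), 60.0))
        except ValueError:
            pass  # HTTP-date form or garbage: keep the schedule
    return delay + random.uniform(0, jitter)


def call_with_retry(send, max_retries=4, sleep=time.sleep, jitter=0.0):
    """Call send() until the status is not retryable or retries run out.

    `send` is a hypothetical zero-argument callable returning
    (status, headers, body). Returns (status, headers, body, waits).
    """
    waits = []
    for attempt in range(max_retries + 1):
        status, headers, body = send()
        # 400/401/403/404 fall through here: the caller must fix the request.
        if status not in RETRYABLE or attempt == max_retries:
            return status, headers, body, waits
        delay = backoff_delay(attempt, headers.get("Retry-After"), jitter)
        waits.append(delay)
        sleep(delay)


def scripted(responses):
    """Constructed stand-in for an HTTP client: replays canned responses."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    no_sleep = lambda s: None
    flaky = scripted([(503, {}, ""), (429, {"Retry-After": "3"}, ""), (200, {}, "ok")])
    print(call_with_retry(flaky, sleep=no_sleep))
    denied = scripted([(401, {}, "token expired")])
    print(call_with_retry(denied, sleep=no_sleep))
```
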
- `Access-Control-Allow-Origin` header

When analyzing a failed request, gather:

Endpoint: [METHOD] [URL]
Headers: [Key headers, especially Auth]
Body: [Request payload]
Status: [Response status code]
Response: [Error message or body]
Timing: [How long did it take?]
Context: [When did it start failing? What changed?]