Common errors

Missing authentication

401 Unauthorized

The Authorization header is required, with its value set to Bearer your-access-key-token.

Missing scopes

403 Forbidden - { message: 'Missing access key scope(s): [scopes]' }

This means your access key was not correctly set up for accessing a specific resource. Access key scopes cannot be updated so you should create a new key with the correct scopes and revoke the old key.

Generally, GET requests require read access, POST/PUT/PATCH/DELETE requests require write access.

Missing parameters

400 Bad Request

When omitting a required parameter (e.g. a query key, body key or header), you'll usually receive a 400. Refer to the documentation for the API to make sure your request is correct.

The error object returned may be a single message (e.g. { message: Something went wrong }) or an error object, which includes a key for every invalid/missing key:

errors: {
  events: ['events is missing from the request body']
}

Rate-limiting

429 Too Many Requests

Receiving this status means you've hit Talo's rate limit. You should aim to make less than 50 requests per second e.g. by batching events and player stat updates.

Missing or invalid session

401 Authorized - { message: 'The x-talo-session header is required for this player', errorCode: 'MISSING_SESSION' }

401 Authorized - { message: 'The x-talo-session header is invalid', errorCode: 'INVALID_SESSION' }

When calling API endpoints on behalf of a player (i.e. using the x-talo-player or x-talo-alias header) that is using player authentication you must also send a valid x-talo-session header.

You'll need to include both the x-talo-player and the x-talo-alias headers as well as the x-talo-session header which should be set to the token you receive from registering or logging-in a player.