Contact us

Error Responses in APIs: What You Return Is What Developers Debug With

by Arif Ikhsanudin, Backend Developer

Your error response is your real documentation

When an API fails, nobody opens your docs first.

They look at the response.

If what they see is vague, inconsistent, or incomplete, they’re stuck:

  • guessing what went wrong
  • retrying blindly
  • digging through logs they may not even have access to

At that moment, your error response is the API.

If it’s not designed intentionally, developers will feel it immediately.

The common failure mode: generic, unhelpful errors

Most APIs start here:

{
  "error": "Something went wrong"
}

Or slightly better:

{
  "message": "Invalid request"
}

These technically signal failure, but they don’t help anyone fix it.

Developers need three things:

  1. what went wrong
  2. where it went wrong
  3. how to fix it (or at least what to check)

If your error doesn’t provide those, it’s incomplete.

A practical error structure that scales

A good baseline:

{
  "error": {
    "code": "INVALID_EMAIL",
    "message": "Email format is invalid",
    "details": {
      "field": "email"
    }
  }
}

Breakdown:

  • code → stable, machine-readable identifier
  • message → human-readable explanation
  • details → contextual data (optional but powerful)

This structure scales across:

  • validation errors
  • business logic errors
  • system failures

The key is consistency. Every endpoint should follow the same format.

Codes matter more than messages

Messages change. Codes shouldn’t.

Bad:

{
  "error": "Email is not valid"
}

Better:

{
  "error": {
    "code": "INVALID_EMAIL",
    "message": "Email is not valid"
  }
}

Why?

Clients can rely on code:

  • show specific UI messages
  • trigger fallback logic
  • group errors for analytics

Messages are for humans. Codes are for systems.

If you only return messages, every client ends up parsing strings. That never ends well.

Validation errors should be precise

If multiple fields fail validation, don’t collapse them:

{
  "error": {
    "code": "VALIDATION_FAILED",
    "message": "Invalid input"
  }
}

Return field-level detail:

{
  "error": {
    "code": "VALIDATION_FAILED",
    "message": "One or more fields are invalid",
    "details": [
      {
        "field": "email",
        "code": "INVALID_FORMAT"
      },
      {
        "field": "password",
        "code": "TOO_SHORT",
        "min_length": 8
      }
    ]
  }
}

Now the client can:

  • highlight specific fields
  • provide actionable feedback
  • avoid trial-and-error debugging

Don’t leak internals, but don’t hide everything either

There’s a balance between helpful and dangerous.

Bad (leaks internals):

{
  "error": "SQLSTATE[23505]: duplicate key value violates unique constraint \"users_email_key\""
}

Bad (too vague):

{
  "error": "Database error"
}

Better:

{
  "error": {
    "code": "EMAIL_ALREADY_EXISTS",
    "message": "An account with this email already exists"
  }
}

Expose what the client needs to act. Hide implementation details that could:

  • confuse consumers
  • expose vulnerabilities
  • lock you into internal designs

Correlation IDs turn guesswork into traceability

When something goes wrong in production, developers often need help from your team.

Give them a way to reference the failure:

X-Request-ID: 9f8c7a6b

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Unexpected failure",
    "request_id": "9f8c7a6b"
  }
}

Now:

  • clients can log it
  • support teams can trace it
  • logs can be correlated across services

Without this, debugging becomes “can you reproduce it?” instead of “let’s look it up.”

Align errors with HTTP status codes

The error body is not a replacement for HTTP status codes.

Combine both:

HTTP/1.1 404 Not Found

{
  "error": {
    "code": "ORDER_NOT_FOUND",
    "message": "Order 1234 does not exist"
  }
}

This gives:

  • infrastructure → correct signal (4xx vs 5xx)
  • clients → structured detail

If you return 200 with an error body, you’ve already lost half the value.

Consistency across services matters more than perfection

In a multi-service system, inconsistency multiplies:

  • one service uses error.code
  • another uses error_type
  • another returns raw strings

Clients now need adapters per service.

Define a shared format and enforce it everywhere—even if it’s not perfect.

Consistency reduces cognitive load more than clever design.

The tradeoff: verbosity vs usability

Good error responses are more verbose:

  • larger payloads
  • more fields to maintain
  • more cases to define

But minimal errors push that complexity onto every client:

  • repeated debugging effort
  • duplicated validation logic
  • slower integrations

You either centralize clarity or distribute confusion.

What to do differently this week

Pick one error your API returns frequently.

Improve it:

  • add a stable error code
  • make the message specific
  • include contextual details

Then update one client to use that structure properly.

You’ll immediately see how much friction a good error response removes.

Scale Your Backend - Need an Experienced Backend Developer?

We provide backend engineers who join your team as contractors to help build, improve, and scale your backend systems.

We focus on clean backend design, clear documentation, and systems that remain reliable as products grow. Our goal is to strengthen your team and deliver backend systems that are easy to operate and maintain.

We work from our own development environments and support teams across US, EU, and APAC timezones. Our workflow emphasizes documentation and asynchronous collaboration to keep development efficient and focused.

  • Production Backend Experience. Experience building and maintaining backend systems, APIs, and databases used in production.
  • Scalable Architecture. Design backend systems that stay reliable as your product and traffic grow.
  • Contractor Friendly. Flexible engagement for short projects, long-term support, or extra help during releases.
  • Focus on Backend Reliability. Improve API performance, database stability, and overall backend reliability.
  • Documentation-Driven Development. Development guided by clear documentation so teams stay aligned and work efficiently.
  • Domain-Driven Design. Design backend systems around real business processes and product needs.

Tell us about your project

Say Hej

Our offices

  • Copenhagen
    1 Carlsberg Gate
    1260, København, Denmark
  • Magelang
    12 Jalan Bligo
    56485, Magelang, Indonesia

More articles

Why Miami Startups Cannot Rely on Local Hiring Alone for Backend Engineering

Miami has built a real startup scene. It hasn't yet built the backend engineering depth to staff it locally.

Read more

Your Docker Setup Is Not as Secure as You Think

Running containers feels isolated and therefore safe. It isn't. Most default Docker configurations have exploitable weaknesses: root processes, excessive capabilities, exposed sockets, and no resource limits. Locking them down is straightforward but rarely done.

Read more

Spring Boot Caching in Practice — @Cacheable, Cache Warming, and When Caching Makes Things Worse

Spring Boot's caching abstraction makes it easy to add caching to any method. What it doesn't tell you is when caching the wrong things causes stale data bugs, cache stampedes, and memory pressure that's harder to debug than the original performance problem.

Read more

ActiveRecord Query Patterns That Actually Scale

ActiveRecord makes simple queries trivial and complex queries dangerous. These are the patterns that remain correct under load — and the common ones that quietly fall apart at scale.

Read more