Error reference

Every error, explained

Every HTTP status the QuickResponseHub API can return, with the exact JSON we send, the most common cause, and how to fix it.

Back to API reference System status

Error response shape

Every error response is JSON with a human-readable error string and the matching HTTP status code. 5xx responses also include a request_id you can quote in support tickets.

HTTP/1.1 403 Forbidden
Content-Type: application/json

{ "error": "Invalid passcode for code AB3XK9PQ7M" }

12 of 12 errors

Status	Name	Where it appears
400	Bad Request — invalid URL	POST /api/shorten, POST /api/update, POST /api/bulk-shorten
400	Bad Request — invalid code format	POST /api/reserve
400	Bad Request — missing required field	POST /api/update, POST /api/delete
400	Bad Request — bulk too large	POST /api/bulk-shorten
401	Unauthorized — missing or invalid API key	All write endpoints, GET /api/list
403	Forbidden — wrong passcode or not the owner	POST /api/update, POST /api/delete
404	Not Found — code does not exist	GET /api/lookup/{code}, GET /api/qr/{code}, GET /api/qr-image/{code}, GET /{code}
409	Conflict — code already in use	POST /api/reserve
422	Unprocessable Entity — destination blocked	POST /api/shorten, POST /api/update, POST /api/bulk-shorten
429	Too Many Requests — rate limit exceeded	All endpoints
500	Internal Server Error	All endpoints
503	Service Unavailable — maintenance	All endpoints

400

Bad Request — invalid URL

The destination URL is missing, empty, or not a valid http/https URL.

Common cause

You sent a body without a `url` field, the value isn't a string, or it doesn't start with `http://` or `https://`.

How to fix

Include the scheme. `example.com` is rejected — use `https://example.com`.

Where it appears

POST /api/shortenPOST /api/updatePOST /api/bulk-shorten

Example response

{ "error": "Invalid URL: must start with http:// or https://" }

400

Bad Request — invalid code format

The custom code is the wrong length or contains disallowed characters.

Common cause

Codes must be 6–20 characters, letters and digits only. Spaces, dashes, underscores, and symbols are rejected.

How to fix

Strip non-alphanumeric characters and check length before submitting.

Where it appears

POST /api/reserve

Example response

{ "error": "Invalid code: must be 6-20 alphanumeric characters" }

400

Bad Request — missing required field

A required body field wasn't included in the JSON payload.

Common cause

You forgot `code`, `passcode`, or (for update) `url`.

How to fix

Check the endpoint reference in the API docs and include every field marked `required`.

Where it appears

POST /api/updatePOST /api/delete

Example response

{ "error": "Missing required field: passcode" }

400

Bad Request — bulk too large

You submitted more URLs than the bulk endpoint accepts in a single request.

Common cause

The `urls` array contained 0 items or more than 100.

How to fix

Chunk your input into batches of up to 100 URLs and call the endpoint once per batch.

Where it appears

POST /api/bulk-shorten

Example response

{ "error": "urls must contain between 1 and 100 items" }

401

Unauthorized — missing or invalid API key

The `X-API-Key` header is missing, empty, or doesn't match an active key.

Common cause

You forgot the header, sent an empty string, or the key was rotated/revoked from the dashboard.

How to fix

Re-copy your active key from the dashboard. If you rotated, the previous key works for 24h then stops.

Where it appears

All write endpointsGET /api/list

Example response

{ "error": "Invalid or missing API key" }

403

Forbidden — wrong passcode or not the owner

The code exists but you can't modify it: the passcode is wrong, or the code belongs to a different account.

Common cause

Typo in the passcode, used the wrong code's passcode, or the API key belongs to a different account than the one that created the code.

How to fix

Confirm the passcode you saved at create time. If lost, see the passcode-recovery section in the API docs (you'll need to delete and recreate).

Where it appears

POST /api/updatePOST /api/delete

Example response

{ "error": "Invalid passcode for code AB3XK9PQ7M" }

404

Not Found — code does not exist

No code matches the value you sent.

Common cause

Typo in the code, the code was deleted, or it was reserved without a destination URL set yet.

How to fix

Codes are uppercase. Check spelling. If reserved, call `POST /api/update` first to set a destination.

Where it appears

GET /api/lookup/{code}GET /api/qr/{code}GET /api/qr-image/{code}GET /{code}

Example response

{ "error": "Code not found: ZZZZZZZZZZ" }

409

Conflict — code already in use

The custom code you tried to reserve is already taken.

Common cause

Codes are globally unique. Common words and short codes are usually claimed.

How to fix

Pick a longer or more specific code (e.g. add a year, campaign tag, or random suffix).

Where it appears

POST /api/reserve

Example response

{ "error": "Code already in use: BRAND" }

422

Unprocessable Entity — destination blocked

The destination URL is on our abuse blocklist (malware, phishing, or known spam).

Common cause

The host appears in Google Safe Browsing, PhishTank, or our internal blocklist.

How to fix

Use a different destination. If you believe this is a mistake, contact support with the URL.

Where it appears

POST /api/shortenPOST /api/updatePOST /api/bulk-shorten

Example response

{ "error": "Destination URL is not allowed (host on abuse blocklist)" }

429

Too Many Requests — rate limit exceeded

You've sent more requests than your plan allows in the current window.

Common cause

Free: 60 req/min per API key. Pro: 600 req/min. Enterprise: custom.

How to fix

Read the `Retry-After` response header (seconds) and back off. Use `/api/bulk-shorten` instead of looping `POST /api/shorten`.

Where it appears

All endpoints

Example response

{ "error": "Rate limit exceeded. Retry in 47 seconds." }

500

Internal Server Error

Something failed on our side. The request was well-formed but we couldn't complete it.

Common cause

Transient infrastructure issue. We log every 500 and page on-call.

How to fix

Safe to retry with exponential backoff (1s, 2s, 4s, 8s, max 30s). If it persists for more than 60s, check the status page.

Where it appears

All endpoints

Example response

{ "error": "Internal server error", "request_id": "req_01HXYZ..." }

503

Service Unavailable — maintenance

The API is temporarily offline for planned maintenance.

Common cause

Scheduled maintenance window. Announced 7 days in advance on the status page.

How to fix

Check the `Retry-After` header. Redirects (`GET /{code}`) stay online during API maintenance.

Where it appears

All endpoints

Example response

{ "error": "Service temporarily unavailable. Maintenance ends 2026-05-12T03:00:00Z." }

Recommended handling pattern

Inspect the status code first, then read the error message for context. Retry only on 429 and 5xx, with exponential backoff.

async function shorten(url: string, attempt = 0): Promise<{ code: string; passcode: string }> {
  const res = await fetch("https://www.quickresponsehub.com/api/shorten", {
    method: "POST",
    headers: { "Content-Type": "application/json", "X-API-Key": process.env.QRH_KEY! },
    body: JSON.stringify({ url }),
  });

  if (res.ok) return res.json();

  const { error, request_id } = await res.json().catch(() => ({}));

  // Retry transient failures up to 4 times
  if ((res.status === 429 || res.status >= 500) && attempt < 4) {
    const retryAfter = Number(res.headers.get("Retry-After")) || 2 ** attempt;
    await new Promise((r) => setTimeout(r, retryAfter * 1000));
    return shorten(url, attempt + 1);
  }

  // Permanent failures — surface to the caller
  throw Object.assign(new Error(error ?? res.statusText), {
    status: res.status,
    request_id,
  });
}