Skip to content
Stronghold

Errors

Error format

All error responses return JSON with an error field:

{"error": "description of what went wrong"}

Most error responses also include a request_id field for tracing and support.

HTTP status codes

StatusMeaningWhen
400Bad RequestInvalid JSON, missing required fields, text too large
402Payment RequiredNo X-PAYMENT header or insufficient funds
409ConflictDuplicate payment nonce (request already in progress or completed)
500Internal Server ErrorScan engine failure or payment processing error
502Bad GatewayUpstream service unreachable. Only returned by the transparent proxy, not the API server directly.
503Service UnavailablePayment settlement failed, or database/facilitator down (readiness check)

400 Bad Request

Returned when the request body is malformed or violates constraints.

{"error": "Invalid request body", "request_id": "..."}
{"error": "Text is required", "request_id": "..."}
{"error": "Text too large, maximum size is 500KB", "request_id": "..."}

402 Payment Required

Returned when the X-PAYMENT header is missing, invalid, or the payment amount is insufficient. The response body includes the payment requirements so clients can construct a valid payment and retry.

{
  "error": "Payment required",
  "payment_requirements": {
    "scheme": "x402",
    "network": "base",
    "recipient": "0x...",
    "amount": "1000",
    "currency": "USDC",
    "facilitator_url": "...",
    "description": "Citadel security scan"
  },
  "accepts": [
    {
      "scheme": "x402",
      "network": "base",
      "recipient": "0x...",
      "amount": "1000",
      "currency": "USDC",
      "facilitator_url": "...",
      "description": "Citadel security scan"
    },
    {
      "scheme": "x402",
      "network": "solana",
      "recipient": "So1ana...",
      "amount": "1000",
      "currency": "USDC",
      "facilitator_url": "...",
      "description": "Citadel security scan",
      "fee_payer": "FeePayerPubkey..."
    }
  ]
}
FieldTypeDescription
payment_requirementsobjectPrimary payment option (first entry from accepts). Provided for backward compatibility.
acceptsarrayAll supported payment options, one per configured network.
accepts[].schemestringPayment scheme (always "x402")
accepts[].networkstringBlockchain network (e.g. "base", "solana")
accepts[].recipientstringWallet address to pay
accepts[].amountstringRequired amount in microUSDC (string-encoded integer). Both EVM and Solana use 6-decimal USDC, so the value is identical across chains.
accepts[].currencystringCurrency ("USDC")
accepts[].facilitator_urlstringURL of the x402 facilitator that settles the payment
accepts[].descriptionstringHuman-readable description of what the payment is for
accepts[].fee_payerstringSolana fee payer public key. Only present for Solana network options.
errorstringError message, always "Payment required"

Well-behaved clients should handle 402 responses by creating an x402 payment header and retrying the request. The x402-fetch library does this automatically.

409 Conflict

Returned when the payment nonce has already been used. This happens when a duplicate request arrives while the original is still being processed, or after it has completed.

{"error": "Payment already in progress", "status": "executing"}
{"error": "Payment nonce expired, please generate a new payment"}

If the original request completed successfully, the cached result is returned with a 200 status instead.

503 Service Unavailable

Returned when payment settlement fails after the scan has been executed. The payment was not charged. Clients should retry with the same payment header.

{
  "error": "Payment settlement failed",
  "retry": true,
  "message": "Please retry with the same payment. Your payment was not charged."
}
FieldTypeDescription
errorstringError description
retrybooleanAlways true — indicates the request is safe to retry
messagestringHuman-readable retry guidance

Request IDs

Most error responses include a request_id field. Include this value when contacting support to help trace the request through server logs.