Errors
The Golden Reports API uses standard GraphQL error responses. HTTP status codes are secondary — always check the errors array in the response body.
Error format
Every error follows this shape:
{
"errors": [
{
"message": "A human-readable description of the error.",
"locations": [{ "line": 2, "column": 3 }],
"path": ["workspaces"],
"extensions": {
"code": "ERROR_CODE"
}
}
]
}
| Field | Description |
|---|---|
message | Human-readable error description |
locations | Where in the query the error occurred |
path | The field path that triggered the error |
extensions.code | Machine-readable error code |
Error codes
| Code | Meaning |
|---|---|
UNAUTHENTICATED | Missing or invalid bearer token |
FORBIDDEN | Authenticated but not authorized for this operation |
NOT_FOUND | The requested resource does not exist |
BAD_USER_INPUT | Invalid arguments in the query or mutation |
INTERNAL_SERVER_ERROR | Something went wrong on our end |
Partial responses
GraphQL allows partial success — if one field errors, sibling fields may still resolve. Check both data and errors in every response.
{
"data": {
"workspace": { "id": "8b3f…", "name": "Acme" },
"report": null
},
"errors": [
{
"message": "Not authorized to access this report.",
"path": ["report"],
"extensions": { "code": "FORBIDDEN" }
}
]
}