Skip to main content
Every failed request returns a JSON-RPC 2.0 error object, whether the call was made over WebSocket or HTTP POST. The error object always has three fields:
code
integer
required
The numeric error code. Negative codes are JSON-RPC / transport-level; positive codes are Derive application errors (see the catalog below).
message
string
required
A short, stable human-readable summary.
data
string | null
required
Optional detail (e.g. the offending field or protocol reason). Always present on the wire — it is null when there is no detail.

JSON-RPC base codes

The standard JSON-RPC 2.0 codes cover malformed or unroutable requests before any application logic runs.
Internal errors are redacted. For code −32603, the server always returns message: "Internal error" and data: null on the wire — any underlying detail is kept server-side and never leaked to clients. Treat −32603 as “retry or contact support,” not as a description of what went wrong.

Transport & session codes

See Rate limits for how the two-tier limiter works and how to read your live limits, and Authentication for the session-login and action-signing layers behind the 401/403 and 14xxx codes.

Application error catalog

Application errors use positive codes grouped by numeric range. Codes are stable; gaps within a range are reserved.
Internal 8xxx codes (e.g. counterparty/feed diagnostics) are intentionally omitted from this reference — they are server-side signals, not client-actionable, and are excluded from public docs.

9xxx — Confirmation timeouts

The order was accepted but a downstream confirmation did not arrive in time. Query order state before resubmitting.

10xxx — Accounts, transfers & margin

Rejections from account, session-key, and subaccount-level constraints before an order reaches the book.

11000–11035 — Orders & matching

Order-lifecycle rejections from the matching engine.

11050–11055 — Trigger orders

Stop / trigger-order specific rejections.
A parallel 11150–11155 code range for trigger-order rejects appears in the reject-message mapping and may surface for some persisted trigger rejections. Handle trigger rejects by name/message rather than hard-coding 11050 vs 11150.

11100–11113 — RFQs & quotes

Request-for-quote and quote-matching rejections.

12xxx — Market data

13000 — Subscriptions

14xxx — Authentication & authorization

Session-login, signature, and session-key scope failures. See Authentication for the underlying scheme.

16xxx — Compliance

17xxx — Risk universes

18xxx — Vaults

20000 — Protocol

Handling errors

Branch on code for programmatic handling and surface message (and data when present) to users. Never parse message text — it is stable but treat code as the contract. For −32603, retry with backoff rather than inspecting the (redacted) body.