HTTP status codes
The Laso Finance API uses standard HTTP status codes. Here’s what each means and how to handle it.402 Payment Required
This is the normal x402 flow — not an error. The server is telling you the price and how to pay.x402-axios), this is handled automatically. The client reads the payment details, constructs a payment, and replays the request.
Note that GET /auth also returns 402 when a SIGN-IN-WITH-X header is present but fails verification (invalid or expired signature, reused nonce, domain mismatch). It does not return 401 for those failures. The 402 response carries a fresh challenge in the PAYMENT-REQUIRED response header, so sign the new challenge and retry. If you keep receiving 402 after sending a SIGN-IN-WITH-X header, treat it as a signature failure rather than retrying with the same payload.
400 Bad Request
Invalid or missing parameters.- Missing
amountquery parameter on/get-card - Amount below $5 or above $1,000
- Missing
grant_typeorrefresh_tokeninPOST /authrequest body - Invalid
formatparameter (must bejsonorhtml)
401 Unauthorized
Token is missing, expired, or invalid.id_tokenhas expired (tokens last ~1 hour)- Malformed
Authorizationheader - Using a revoked refresh token
POST /auth with grant_type: "refresh_token". If that also returns 401, re-authenticate via GET /auth.
403 Forbidden
You’re authenticated but not authorized for this resource.- Trying to access a card that belongs to a different user
- Using a token from one wallet to access another wallet’s data
- The account is frozen (the response includes a
frozen_messagefield explaining why)
404 Not Found
The requested resource doesn’t exist.- Invalid
card_idin/get-card-data - Typo in the card ID
card_id from the original /get-card response.
429 Too Many Requests
A rate limit was exceeded.- Calling
POST /refresh-card-datafor the same U.S. card less than 5 minutes after the previous refresh - Requesting more than 24 refreshes for the same U.S. card in any rolling 24-hour period