# Errors

The API uses standard HTTP status codes to indicate the success or failure of requests.

| Code | Meaning | Description |
|------|---------|-------------|
| **200** | OK | Request succeeded. |
| **401** | Unauthorized | Invalid or missing API token. |
| **403** | Forbidden | Token lacks permission for this scope. |
| **404** | Not Found | The requested resource does not exist. |
| **429** | Too Many Requests | You have exceeded your daily rate limit. |
| **500** | Server Error | Something went wrong on our end. |

## Error Format

Errors are returned as JSON objects:

```json
{
    "message": "Unauthenticated."
}
```

Or for rate limits:

```json
{
    "error": "rate_limit_exceeded",
    "message": "Daily request limit exceeded.",
    "upgrade_url": "..."
}
```

## VIP Feature Restrictions

If you attempt to use a feature that requires a VIP plan (e.g., Brute Force mode), you will receive a **403 Forbidden** response:

```json
{
    "error": "feature_not_available",
    "message": "Brute force mode is not available on the Free plan. Upgrade to VIP for full access.",
    "allowed_modes": ["smart", "dictionary"]
}
```

## Plan Limits

If you exceed a limit specific to your plan (e.g., wordlist size), you will also receive a **403 Forbidden** response explaining the limit:

```json
{
    "error": "limit_exceeded",
    "message": "Free plan is limited to 1000 passwords per request. Upgrade to VIP for unlimited.",
    "limit": 1000,
    "provided": 10000
}
```

## Policy Agreement Required

If you haven't agreed to the latest Terms of Service or Privacy Policy, all API requests will return a **403 Forbidden** response:

```json
{
    "error": "policy_agreement_required",
    "message": "You must agree to the updated policies before using the API.",
    "pending_policies": [
        {
            "type": "terms_of_service",
            "title": "Terms of Service",
            "version": "1.0"
        },
        {
            "type": "privacy_policy",
            "title": "Privacy Policy",
            "version": "1.0"
        }
    ],
    "agreement_url": "https://developer.nabzclan.vip/dashboard/policy"
}
```

To resolve this error, visit the `agreement_url` and accept the pending policies.

## Token Restrictions

If your API token is restricted to specific IP addresses or domains and the request comes from an unauthorized source, you will receive a **403 Forbidden** response:

```json
{
    "message": "Access denied: Invalid IP address."
}
```

or

```json
{
    "message": "Access denied: Invalid domain."
}
```

Ensure your server's IP address is whitelisted in your token settings or that you are sending the correct `Referer` / `Origin` header if using domain restrictions.