Protectmaxx uses conventional HTTP response codes to indicate success or failure of an API request. In general, codes in the 2xx range indicate success (for example 200 or 201), codes in the 4xx range indicate an error that resulted from the provided request and codes in the 5xx range indicate an error with the system.

A typical error response is shown below:

    "code": "400",
    "type": "error",
    "internal_code": "FraudError",
    "message": "advice to decline"
    "timestamp": "2023-05-11T16:53:20+0100"
    "path": "/payments"
HTTP Code Meaning
200 OK -- Everything worked as expected.
201 OK -- The requested element is created.
400 Bad Request -- Mostly some error from the Fraud/Payment provider side.
401 Unauthorized -- Your API key is wrong.
403 Forbidden -- The resource requested is hidden for administrators only.
404 Not Found -- The specified resource could not be found.
405 Method Not Allowed -- Often you are not POSTing a request.
406 Not Acceptable -- You requested a format that isn't JSON.
422 Unprocessable Entity -- Validation error, you will find the wrong or missing fields in the details.
429 Too Many Requests -- We're rate limiting your usage of the API.
500 Internal Server Error -- We had a problem with our server. Please try again later.
503 Service Unavailable -- We're temporarily offline for maintenance. Please try again later.
504 Service timeout -- We are temporarily offline or over capacity. Please try again later.

It is also crucial that your system can handle non-2xx HTTP response codes from Protectmaxx. Failure to do so could result in customers being unable to complete orders on your platform.


We have an advanced monitoring and alerting system to ensure your integration continues to work correctly, however you should also configure your own logging and metrics to provide observability into how your Protectmaxx integration is behaving, alerting you to any issues originating from integration.