Responses
Our REST API uses a standardized response structure for both successful and unsuccessful requests.

Successful Responses

Orders Endpoint when evaluate flag is set to 'false'

Code: 200 or 201
HTTP status code: 200 or 201 *
JSON response:
{
"message": "message for the success"
}
* HTTP status code will be 201 for POST requests and 200 for PUT requests.

Sandbox responses

When testing your integration, you should use your provided Sandbox keys. When sending a POST request with a Sandbox API key (for example, creating an order), you will get a 200 HTTP response code instead of a 201, and a message that looks like this:
{
"message": "[SANDBOX] Valid request!"
}
This indicates that the request was valid, but the request data will not be used by Legiti for training our evaluation models.

Orders Endpoint when evaluate flag is set to 'true'

Code: 200
HTTP status code: 200
JSON response: {
"legiti_decision": <one of "approve", "reject", "manual" or "unavailable">,
"message": "optional field; will be used for the unavailable decision"
}
The approve decision means we suggest that you approve the transaction.
The reject decision means we suggest that you reject the transaction.
The manual decision means we suggest sending the order to a manual analysis desk. This will only be returned if your business logic accepts it.
The unavailable decision will only be returned in the case that your company is in the pilot phase of its Legiti integration; this response is returned to indicate that our model has received and evaluated your order, but an actionable decision is not yet available. (The evaluation results are stored internally by Legiti and will be reviewed throughout the pilot phase.)

Error Responses

Invalid JSON received in the request

Code: 400
HTTP status code: 400
JSON response: {
"error_message": "message for the error",
"error_code": 1
}

Request body validation errors

Code: 400
HTTP status code: 400
JSON response: {
"error_message": {
"field_name": [
"message explaining the error in the field named 'field_name'"
]
},
"error_code": 2
}

Invalid type received in the request body

Code: 400
HTTP status code: 400
JSON response: {
"error_message": "Invalid type in request body - expected a JSON object",
"error_code": 4
}

Request missing body payload

Code: 400
HTTP status code: 400
JSON response: {
"error_message": "The request is missing the body payload",
"error_code": 5
}

Authentication header not provided

Code: 401
HTTP status code: 401
JSON response: {
"message": "Unauthorized"
}

Not Authorized

Code: 403
HTTP status code: 403
JSON response: {
"Message": "User is not authorized to access this resource with an explicit deny"
}

Internal errors

Code: 503
HTTP status code: 503
JSON response: {
"error_message": "message for the error",
"error_code": 3
}
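
The response shapes above can be handled by one client-side classifier that fails closed, so that only an explicit approve decision lets an order through automatically. This is an added example, not Legiti's own code; the function names and the kind labels such as "validation" and "no_decision" are assumptions made for illustration, and the sample bodies are constructed.

```python
import json

# Labels below are this example's own names, not Legiti identifiers.
ERROR_KINDS = {1: "invalid_json", 2: "validation", 3: "internal",
               4: "invalid_type", 5: "missing_body"}

def interpret(status, raw_body):
    """Classify a response as (kind, detail) from its status code and body."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):
        return ("malformed", None)
    if not isinstance(body, dict):
        return ("malformed", None)
    if status in (200, 201):
        if "legiti_decision" in body:
            decision = body["legiti_decision"]
            if decision in ("approve", "reject", "manual"):
                return ("decision", decision)
            if decision == "unavailable":
                return ("no_decision", body.get("message"))
            return ("malformed", None)  # unknown decision value
        message = str(body.get("message", ""))
        # Sandbox keys answer POST with 200 and a "[SANDBOX]" message.
        kind = "sandbox_ok" if message.startswith("[SANDBOX]") else "accepted"
        return (kind, message)
    if status in (401, 403):
        # 401 carries "message"; 403 carries "Message" with a capital M.
        return ("auth_error", body.get("message") or body.get("Message"))
    code = body.get("error_code")
    kind = ERROR_KINDS.get(code) if type(code) is int else None
    if status in (400, 503) and kind:
        # For error_code 2 the detail is a dict of field name -> messages.
        return (kind, body.get("error_message"))
    return ("malformed", None)

def may_auto_approve(status, raw_body):
    """Fail closed: only an explicit "approve" decision returns True."""
    return interpret(status, raw_body) == ("decision", "approve")

# Constructed sample responses, shaped like the ones documented above.
SAMPLES = [
    (200, '{"legiti_decision": "approve"}'),
    (200, '{"legiti_decision": "unavailable", "message": "pilot"}'),
    (200, '{"message": "[SANDBOX] Valid request!"}'),
    (400, '{"error_message": {"email": ["invalid"]}, "error_code": 2}'),
    (403, '{"Message": "User is not authorized to access this resource with an explicit deny"}'),
    (503, '<html>gateway error</html>'),
]
```

An unavailable decision, an unrecognized decision value, or a body that is not a JSON object never counts as an approval here; what to do with those orders is left to the caller's own policy.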