Error Handling

1. Error Format

All errors are returned as JSON with consistent structure:

{
  "detail": "Error message or array of field errors"
}

2. Common Error Codes

• 400 Bad Request: Invalid input data

• 401 Unauthorized: Authentication required or failed

• 404 Not Found: Resource not found

• 409 Conflict: Resource already exists

• 429 Too Many Requests: Rate limit exceeded

• 500 Internal Server Error: Server error

3. Rate Limiting

• OTP requests: 3 per 30 seconds per email

• Login attempts: 5 per 15 minutes per IP

• API requests: 100 per minute per IP