Important information

The API reference is now available here.
The deprecated API reference is available here.


Error handling

Error and debug information provided by Unzer API and SDK.


Unzer API errors are returned in the JSON response and consist of a code, merchantMessage and customerMessage. We recommend showing the customer message in the frontend and logging all fields of unexpected errors for further investigation.
You should also store the fields id and traceId that are useful when you need to find the root cause for an error. The id can also be used to fetch a specific error object later for analysis.

Error responses do not always have an HTTP error status code.
So, the response would have a 2XX HTTP status code that still has a list of errors in its payload.
  "id": "p-err-d0d2096c9bb04a2e8cecf776601",
  "isSuccess": false,
  "isPending": false,
  "isError": true,
  "url": "",
  "timestamp": "2021-07-30 11:43:39",
  "traceId": "b7842b4951bc3752406e6e3f3c51a217",
  "errors": [
      "code": "API.410.200.001",
      "merchantMessage": "lastName is missing",
      "customerMessage": "lastName is missing. Please contact us for more information."
      "code": "API.410.200.004",
      "merchantMessage": "firstName is missing.",
      "customerMessage": "firstName is missing. Please contact us for more information."

HTTP response codes for errors

CodeHTTP ResponsePossible causes
400Bad RequestBad request to the API, for example, required parameter is missing or has an invalid syntax.
401UnauthorizedRequest without a key or with an invalid key.
403Access-Denied/ForbiddenRequest to a private resource with a public key.
404Not FoundThe requested resource does not exist.
405Method Not AllowedThe chosen payment type is not configured for the merchant or the HTTP method can not be used for the requested resource.
415Unsupported media typeThe request media type is not supported by the system.
500Internal Server ErrorAn error occurred in an internal Unzer system.
504Gateway TimeoutThe server did not receive a fast enough response from another server upstream when it attempted to load one of the web pages.

Error resource components

Error responses are always returned with information about the origin of the error in the form of a JSON object. Within the error object, there is a list of errors to provide you with all possible problems in a chunk. The SDK throws a UnzerSDK\Exceptions\UnzerApiException whenever an error is returned by the API.

    "code": "API.410.200.004",
    "merchantMessage": "firstName is missing.",
    "customerMessage": "firstName is missing. Please contact us for more information."
codeUniquely identifies the error, it could look like this: API.410.200.004
merchantMessageSpecifies the error details and further information for you as a merchant. The message is not intended to be displayed to the customer. This message is only visible if you make the call with a private key. If you are using a public key, this field is missing.
customerMessageSpecifies the message to be displayed to your customer. It is available in several languages, based on the Accept Language header.

Retrieving errors by ID

Fetching an error is not possible via PHP SDK. Please refer to Fetch error object of the Direct API integration documentation.

Handling server-side errors

When an error occurs, this causes an UnzerApiException that needs to be handled.

The exceptions are thrown in the following cases:

  • there is an error connecting to the API or to the payment core
  • there is an error executing a request

To identify the error, you should catch this exception and write it to your error log and show the clientMessage to your customer.

try {
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$charge = new Charge(100.00, 'EUR', $returnUrl);
$unzer->performCharge($charge, $typeId);
} catch (UnzerApiException $e) {
    // write $e->getMerchantMessage(), $e->getErrorId() and $e->getCode() to your log
    // show $e->getClientMessage() on the client side if applicable

Runtime Exceptions

In some cases the SDK throws a RuntimeException. This is the case when there is an error using the SDK, such as the key has the wrong format or is not the private key or when a necessary resource does not exist.

We recommend you to catch those exceptions and handle them by writing them to your error log and showing a generic error message to the customer.

try {
    // your call to the api
} catch (\RuntimeException $ex) {
    //  write $ex->getMessage() to your error log
    //  redirect your customer to a failure page and show a generic message

Debug log

You can enable debug mode on your Unzer object in order to see the HTTP requests performed to the API and the raw responses. To use this functionality do the following:

  1. Create your own debug handler class implementing the UnzerSDK\Interfaces\DebugHandlerInterface
  2. Inject it into your Unzer object
  3. Enable debug mode on your Unzer object

You can handle the message in the log method of your debug handler and write it into your debug log.

namespace Your\Namespace;
use UnzerSDK\Interfaces\DebugHandlerInterface;

class TestDebugHandler implements DebugHandlerInterface
    public function log ($message) {
        // write $message to your log
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$unzer->setDebugHandler(new \Your\Namespace\TestDebugHandler());

Keeping a debug log can cause a significant amount of data over time. Make sure to disable debug mode when you finished debugging.

Verbose cURL output

To enable verbose curl output, you can set the environment variable UNZER_PAPI_CURL_VERBOSE to true.

See also

Error codes