Null values
Anull value isn’t an error — it’s an expected response value. See Null Values for why Finch returns null and how to check for it.
202 responses
A202 response isn’t an error either — it means the connection exists but data isn’t available yet. See 202 Response Codes for the retry and backoff behavior your application should implement, or Testing assisted integrations to reproduce a 202 response in the Finch Sandbox.
Server errors
Server errors (HTTP 500) are uncommon but possible. A few error-handling mechanisms help you maintain a good user experience while diagnosing the issue:
- Friendly error page. Display a user-friendly message instead of the raw server error to maintain user trust.
- Log the error. Capture the error message, stack trace, request details, and other relevant context. Always log the
finch-request-idfrom the HTTP response headers — Finch needs it to diagnose the issue on our side. - Health checks. Call the /introspect endpoint on a regular basis to monitor the status of your Finch integration and its connections — this helps you identify the source of
500errors faster. - Retry. Retry the request after a delay, or adjust the request parameters — this resolves many transient server errors.
finch-request-id from the response headers.
Retry example
Finch may also return4XX or 5XX error types due to unsupported responses from the underlying employment system. Retrying immediately may not resolve the issue — the following example retries a failed request with a fixed delay:
Error handling example
Reauthentication errors
A reauthentication error means the credentials Finch uses to access an employer’s provider system no longer work, and the employer must reauthenticate. This returns an HTTP status code of401 Unauthorized with a finch_code of reauthenticate_user (see Finch API errors).
To handle this error:
- Catch
401responses with afinch_codeofreauthenticate_userin your Finch API error handling. - Create a new Finch Connect session for the connection using the
/connect/sessions/reauthenticateendpoint, passing the connection’sconnection_id. If your application doesn’t already store theconnection_id, retrieve it by calling /introspect with the connection’saccess_token. - Direct the employer to complete Finch Connect through your existing flow — for example, prompt them to log in to your application dashboard, or send them a link to reauthenticate.
- Exchange the resulting authorization code for a new access token — this is the same access token exchange used during initial setup.
Rate limit errors
Finch returns a rate limit error with the HTTP status code429 Too Many Requests when an application or IP address exceeds its request limit. Review the API rate limits before continuing.
Finch’s rate limits work on a per-endpoint basis for applications. Finch calls each distinct endpoint a unique product, and sums rate limits on a rolling 60-second basis per product — commonly called a sliding or rolling window rate limit.
Think of each product’s rate limit as a bucket. Every request to a product (which maps to an API endpoint) adds a gallon of water to that endpoint’s bucket and starts a 60-second time-to-live (TTL) timer. When the bucket empties after 60 seconds, the next request restarts the TTL.
Stay within these rate limits to avoid request failures. If you hit a rate limit error, implement a back-off and retry strategy: wait 60 seconds for the bucket to reset, then retry, increasing the wait time exponentially on repeated failures.
Batch requests
Batch requests instead of calling an endpoint once per ID, to reduce your request count and avoid exhausting your rate limit.Rate Limit Scenario
This scenario shows how an application encounters application-level rate limits. Assume your application has five access tokens (Token A–E) making requests to thecompany, directory, individual, employment, payment, and pay-statement endpoints.
Each request to an endpoint adds a gallon of water to that product’s application-level bucket. The bucket counts requests across all of the application’s access tokens (Token A–E).
Organization endpoints have a capacity of 20 max requests per minute. Pay endpoints have a capacity of 12 max requests per minute.
- Token A makes 5 requests to /company, 4 to /directory, and 3 to /payment within a minute. Each bucket is below its capacity, so all of Token A’s requests succeed.
- Application-level rate limits
Bucket Capacity company5/20 - success directory4/20 - success individual0/20 employment0/20 payment3/12 - success pay-statement0/12
- Application-level rate limits
- Token B makes 5 more requests to /company, 4 to /directory, and 3 to /payment within the same minute. Each bucket is still below capacity, so all of Token B’s requests succeed.
- Application-level rate limits
Bucket Capacity company10/20 - success directory8/20 - success individual0/20 employment0/20 payment6/12 - success pay-statement0/12
- Application-level rate limits
- Tokens C and D each repeat the same pattern — 5 requests to /company, 4 to /directory, and 3 to /payment — within the same minute. The
companyandpaymentbuckets reach full capacity, but Token C’s and D’s requests still succeed because the limits haven’t been exceeded yet.- Application-level rate limits
Bucket Capacity company20/20 (FULL) - success directory16/20 - success individual0/20 employment0/20 payment12/12 (FULL) - success pay-statement0/12
- Application-level rate limits
- Token E then makes 1 request to /company and 1 to /directory. The
companyandpaymentbuckets are now full, so any further request to those endpoints — including Token E’s/companyrequest — returns a 429 rate limit error until the 60-second TTL resets. Token E’s/directoryrequest succeeds because that bucket isn’t full yet. Only successful requests count toward the application-level limit.- Application-level rate limits
Bucket Capacity company20/20 (FULL) - error directory16/20 - success individual0/20 employment0/20 payment12/12 (FULL) - error pay-statement0/12
- Application-level rate limits
Rate limit example
The followingRateLimiter class enforces this quota at the application level. Initialized with a limit (for example, 20 requests per minute for /directory), it makes requests up to that limit and pauses further requests until the bucket resets after 60 seconds. Call its request method to make API requests through the rate limiter, and initialize a separate RateLimiter instance for each endpoint you call.
Checkpoint + Next Step
Your application can now handle Finch’s most common error scenarios, making your integration more resilient. Monitoring API requests makes error mitigation easier — see Monitor API Usage next.