HTTP status map

| Status | Meaning | Client action |
|---|---|---|
| 400 | Validation failure | Show field-level guidance |
| 401 | Missing/invalid auth token | Prompt re-authentication |
| 403 | Role or permission blocked | Show access explanation |
| 404 | Resource not found | Show fallback state |
| 409 | Conflict / duplicate purchase | Show ownership state |
| 429 | Rate limit hit | Back off and retry later |
| 500 | Unexpected server error | Surface retry + support path |

Error payload shape

{ "error": "Human-readable message" }
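
An added example, not code from this API's project: one way a client could turn the status map and the error payload above into a handling decision, treating the response body as untrusted. The function names, action strings, the 200-character display cap, the backoff constants, the handling of unlisted statuses and the use of the standard `Retry-After` header are assumptions.

```javascript
// Hypothetical action names, one per row of the status map.
const ACTIONS = {
  400: "show-field-guidance",
  401: "prompt-reauth",
  403: "show-access-explanation",
  404: "show-fallback-state",
  409: "show-ownership-state",
  429: "backoff-and-retry",
  500: "show-retry-and-support",
};
const MAX_MESSAGE_LEN = 200; // assumption: display cap for server-supplied text
const BASE_DELAY_MS = 1000;  // assumption: first backoff step
const MAX_DELAY_MS = 60000;  // assumption: backoff ceiling

// Read the message from { "error": "..." } without trusting the body:
// non-JSON bodies and non-string "error" values yield null.
function extractErrorMessage(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return null;
  }
  if (parsed === null || typeof parsed !== "object") return null;
  if (typeof parsed.error !== "string") return null;
  // Replace control characters and cap length; render the result as text, never HTML.
  return parsed.error.replace(/[\u0000-\u001f\u007f]/g, " ").slice(0, MAX_MESSAGE_LEN);
}

// Delay before retrying a 429: honor Retry-After when it is a whole number
// of seconds, otherwise use capped exponential backoff on the attempt count.
function retryDelayMs(attempt, retryAfter) {
  if (typeof retryAfter === "string" && /^\d+$/.test(retryAfter.trim())) {
    return Math.min(Number(retryAfter) * 1000, MAX_DELAY_MS);
  }
  return Math.min(BASE_DELAY_MS * 2 ** attempt, MAX_DELAY_MS);
}

// Combine status and body into one plan for the UI layer.
function planClientAction(status, rawBody, { attempt = 0, retryAfter = null } = {}) {
  // Assumption: unlisted 5xx behave like 500, anything else gets a generic error.
  const action = ACTIONS[status] ?? (status >= 500 ? ACTIONS[500] : "show-generic-error");
  const plan = { action, message: extractErrorMessage(rawBody) ?? "Request failed" };
  if (status === 429) plan.retryInMs = retryDelayMs(attempt, retryAfter);
  return plan;
}
```

A production client would normally add random jitter to the backoff delay so that many clients do not retry in lockstep; it is left out here to keep the delays deterministic.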