Internal API: Validates an access token, parses and returns the user claims from the token. References: RFC 7519 (JWT), NIST SP 800-63B §4 (Session Management).
Code is an error code (optional). Used by programs to identify error types, e.g., "required", "format", "range"
description
string
No
Description is a human-readable error description. Should explain which rule was violated, e.g., "Must be a valid email address"
field
string
No
Field is the path to the error field. Uses dot notation for nested fields, e.g., "user.email" or "addresses[0].city"
value
object
No
Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information
dto.Problem
Field
Type
Required
Example
Constraints
Description
code
integer
No
Code is a business error code. Used by programs to handle specific error scenarios. Example: 30101001
detail
string
No
Detail is a human-readable explanation for this specific error instance. May include specific error details, e.g., "Field 'email' is required"
Errors is a list of field-level validation errors (extension field). Follows Web API standard practices, each error contains field name and error message
i18n_args
object
No
I18nArgs are internationalization parameters. Used to dynamically fill translation templates
i18n_key
string
No
I18nKey is an internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found"
instance
string
No
Instance is a specific URI reference where the problem occurred. Usually the request URL, may include query parameters. Example: "/api/v1/users?limit=invalid"
request_id
string
No
RequestID is a unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000"
retry_after
integer
No
RetryAfter is used for 429 Too Many Requests responses. Indicates how many seconds the client should wait before retrying (RFC 6585)
service
string
No
Service is the service name. Used in microservice architecture to locate the error source. Example: "auth-service"
span_id
string
No
SpanID is the current span identifier. Used to precisely locate the current node in a distributed trace
status
integer
No
Status is the HTTP status code generated. Used by clients to distinguish problem types, does not change with Accept-Language. Example: 400, 401, 403, 404, 500
timestamp
string
No
Timestamp is the error occurrence time. ISO 8601 format. Example: "2026-04-03T12:00:00Z"
title
string
No
Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not change per instance). Example: "Invalid Request Parameters"
trace_id
string
No
TraceID is a distributed tracing identifier. Follows W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01"
type
string
No
Type is a URI reference that identifies the problem type. When dereferenced, it should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request"