Errors & status codes
Every error response is JSON. CORS headers are always present, including on errors.
HTTP status codes
| Status | When | Body |
|---|---|---|
| 200 | Success | Endpoint-specific JSON |
| 400 | Body failed validation | { "error": "Invalid body", "details": {…} } |
| 401 | Missing, malformed, or revoked API key | { "error": "Missing or invalid API key" } |
| 404 | Event not found in this workspace (feedback only) | { "error": "Event not found in this workspace" } |
| 405 | Method not allowed | Empty |
| 500 | Internal error | { "error": "…" } |
CORS
| Header | Value |
|---|---|
| Access-Control-Allow-Origin | * |
| Access-Control-Allow-Methods | POST, GET, OPTIONS |
| Access-Control-Allow-Headers | authorization, content-type, x-veriloop-key |
| Access-Control-Max-Age | 86400 |
The endpoint allows any origin so you can prototype from a static HTML page. In production we still recommend calling Veriloop from your server so the API key never ships to the browser.
Rate limits
Soft limit of ~120 requests/second per workspace during preview. Exceeding it returns an HTTP 429 with { "error": "rate_limited" }. Contact us if you need higher throughput.