VERTEXY
Docs

Start Here

  • Platform overview
  • Engineer quickstart
  • Analyst introduction
  • Administrator setup
  • Architecture

Integrate

  • Authentication
  • Assess transactions
  • Event ingestion
  • Signing and reliability
  • Submit feedback
  • Retries and idempotency
  • Go-live checklist

Use the Dashboard

  • Overview dashboard
  • Event Explorer
  • Graph Explorer
  • Reviews
  • Policy
  • Threat Intel

Administer

  • Onboarding
  • Developer Settings
  • Team and access
  • Permissions and features
  • Audit Logs
  • Billing and plans

Reference

  • API reference
  • API introduction
  • Objects
  • Event types
  • Risk scores and reasons
  • Errors
  • Glossary
  • Node.js examples
  • Python examples

Updates and Help

  • Changelog
  • v1.0.0 release
  • Troubleshooting
  • Support
Open Developer Settings →
VERTEXY
Docs
Docs/Reference
engineer

Errors and Status Codes

Common HTTP status codes and error patterns returned by VertexY.

Reviewed 2026-06-21Product 1.1

Error model#

VertexY returns standard HTTP status codes. Some errors also include a JSON body with:

  • statusCode
  • message
  • error
  • endpoint-specific details

Common status codes#

  • 200: request succeeded.
  • 201: resource was created successfully.
  • 400: request body, path, or query parameters were invalid.
  • 401: authentication is missing, expired, or invalid.
  • 402: the company has no usable subscription, or usage exceeded a hard limit.
  • 403: the user is authenticated but does not have permission.
  • 404: the requested resource does not exist.
  • 409: the request conflicts with existing state, such as duplicate or mutually exclusive data.
  • 429: too many requests in a short period.
  • 500: unexpected internal server error.
  • 503: temporary degradation, or a retryable pending state such as duplicate ingest waiting on the canonical result.

Authentication errors#

  • 401 Unauthorized: the access token is invalid, expired, or missing.
  • 401 Session expired: the refresh token is invalid or expired.
  • 403 Access denied: the authenticated user does not have the required role.

Billing and subscription errors#

  • 402 No active subscription found for company: the route requires an active paid plan.
  • 402 Monthly usage limit exceeded...: the company crossed a hard usage ceiling for the current month.
  • 400 Cannot subscribe to an inactive plan: the selected plan cannot be purchased.
  • 409 Company already has a live subscription assignment in progress: an active or pending subscription already exists and conflicts with the request.

Ingest signature and replay errors#

  • 401 Missing ingest signature: the x-event-signature header was not sent.
  • 401 Missing replay timestamp header: the x-event-timestamp header was not sent.
  • 401 Missing replay nonce header: the x-event-nonce header was not sent.
  • 401 Replay detected for nonce: the nonce was already used recently.
  • 401 Invalid ingest signature: the signature does not match the raw request body and secret.

Ingest-specific edge cases#

Duplicate event while canonical assessment is still being finalized#

Possible response:

json
{
  "statusCode": 503,
  "message": "Assessment pending for duplicate event",
  "code": "ASSESSMENT_PENDING",
  "transactionId": "txn_100001"
}

Recommended client behavior:

  • wait briefly
  • retry with the same payload and same idempotencyKey

Rate limiting#

The public ingest route may return:

plaintext
429 Too Many Requests

You may also see these headers:

  • X-RateLimit-Limit
  • X-RateLimit-Remaining
  • X-RateLimit-Reset

Validation examples#

  • 400 Invalid UUID: a field such as companyId, assessmentId, or planId is malformed.
  • 400 Invalid currency: currency is not a 3-letter uppercase ISO code.
  • 400 Invalid date: a timestamp or period field is malformed.

Troubleshooting checklist#

I get 401 on /events/ingest#

Check:

  • raw body is signed, not parsed JSON
  • correct secret for the company
  • timestamp is fresh
  • nonce is unique

I get 402 Payment Required#

Check:

  • active subscription exists
  • plan includes the route you are calling
  • usage has not exceeded the plan’s limit

I get 503 ASSESSMENT_PENDING#

This is usually a safe retry case for duplicate ingest races. Retry the exact same event after a short delay.

Was this page helpful?

Previous← Risk scores and reasonsNextGlossary →

On this page

Error modelCommon status codesAuthentication errorsBilling and subscription errorsIngest signature and replay errorsIngest-specific edge casesRate limitingValidation examplesTroubleshooting checklist