Response & Error Codes

Understanding how EdgeWrap handles response envelopes and error codes helps you build reliable client integrations.

Edge Proxy Error Responses

When a request is rejected by the EdgeWrap proxy gateway before it reaches your origin, it returns a standard JSON error envelope containing a success status and a description.

Proxy Error Response
{
  "success": false,
  "error": "Request blocked by WAF",
  "requestId": "req_abc123def456"
}

HTTP Status Codes

The Edge Proxy and Gateway return standard HTTP status codes mapping to the outcome of each request:

StatusMeaningCommon Cause
200OKRequest successfully processed and forwarded (or served from edge cache).
201CreatedResource successfully created at your origin server.
400Bad RequestThe request body failed gateway input validation, or the request format is invalid.
401UnauthorizedMissing or invalid x-api-key header on the request.
403ForbiddenThe request was blocked by WAF policies, IP blacklists, bot detection, or a plan threshold has been reached.
404Not FoundThe requested path or resource does not exist at your origin, or the project routing configuration is missing.
429Too Many RequestsThe DDoS protection engine or per-key rate limiters have been triggered for the client IP.
502Bad GatewayThe gateway failed to connect to your origin server after executing all retry cycles.
503Service UnavailableYour origin server is failing and the Circuit Breaker has transitioned to the OPEN state.

Proxy-Specific Gateway Errors

This table details the exact error strings generated by EdgeWrap when short-circuiting a request in the proxy pipeline:

HTTPError MessagePipeline Trigger
401"Missing API key"No x-api-key header was provided in the incoming request.
401"Invalid or revoked API key"The provided key hash was not found, was deactivated, or expired.
403"Platform not allowed for this API key"The key does not support the request's client platform (e.g. mobile key used in web context).
403"Project is in readonly mode"The project is paused due to subscription billing issues.
429"Free quota exhausted. Upgrade to continue."The monthly free quota tier has been exceeded.
429"Monthly quota exceeded."The paid plan's request quota has been hit (and pay-as-you-go is disabled).
429"PAYG spend cap reached."A custom daily or monthly pay-as-you-go spend cap has been hit.
429"Too many requests"DDoS mitigation or rate limits have been triggered for the client IP.
403"WAF: Request blocked"OWASP filters or custom Edge Rules blocked the request pattern.
503"Origin unavailable"The circuit breaker is OPEN due to origin failures, and no stale cache is available.
502"Bad gateway: origin timeout"Origin servers timed out during health checking or proxy fetch attempts.

Handling Gateway Throttling (429)

Client applications should always monitor for HTTP 429 response statuses. When EdgeWrap rate limits a client, it attaches a Retry-After header indicating how many seconds to wait before attempting another request.

Sample Throttling Response Headers
HTTP/2 429 Too Many Requests
Retry-After: 30
Content-Type: application/json

{
  "success": false,
  "error": "Too many requests",
  "requestId": "req_xyz789abc"
}
Tip: Implement exponential backoff retry policies in client SDKs. Respect the Retry-After duration header for immediate pause windows when throttling occurs.