Error Codes & Limits

Every failure returns a machine-readable AIP-Exxx error code — not a generic 400.

Every error in the response looks like this:

```json
{
  "verified": false,
  "errors": [
    { "code": "AIP-E202", "name": "MONETARY_LIMIT" },
    { "code": "AIP-E303", "name": "INTENT_DRIFT" }
  ],
  "detail": "Transaction amount $5,200.00 exceeds per-txn limit of $1,000.00"
}
```

HTTP Status Codes

| Status | Meaning |
|---|---|
| 200 | Request succeeded — check "verified" for verification outcome |
| 400 | Malformed request body or missing required fields |
| 401 | Invalid or missing API key / JWT token |
| 403 | Authenticated but not authorized for this resource |
| 404 | Agent, key, or resource not found |
| 429 | Rate limit exceeded — back off and retry |
| 500 | Internal server error — contact support |

AIP Error Taxonomy

E1xx — Envelope Errors

| Code | Name | Description |
|---|---|---|
| AIP-E100 | INVALID_SIGNATURE | Ed25519 cryptographic proof verification failed |
| AIP-E101 | EXPIRED_ENVELOPE | Intent envelope TTL has been exceeded |
| AIP-E102 | REPLAY_DETECTED | Entropy nonce reused — possible replay attack |
| AIP-E103 | SCHEMA_INVALID | Envelope does not conform to AIP-1 schema |
| AIP-E104 | VERSION_UNSUPPORTED | Protocol version not supported by this verifier |

E2xx — Boundary Violations

| Code | Name | Description |
|---|---|---|
| AIP-E200 | ACTION_NOT_ALLOWED | Requested action is not in the agent's allowed_actions list |
| AIP-E201 | ACTION_DENIED | Action is explicitly in the agent's denied_actions list |
| AIP-E202 | MONETARY_LIMIT | Transaction amount exceeds per-txn or per-day monetary limit |
| AIP-E203 | TIME_WINDOW_VIOLATION | Request is outside the agent's authorized time window |
| AIP-E204 | GEO_RESTRICTION | Request originates from a restricted geography |
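
A client-side sketch of consuming these status codes and error families, added here as an example and not taken from the AIP documentation or any SDK. It denies unless the HTTP status is 200, "verified" is the boolean true and "errors" is empty; the function name evaluate, the returned fields and the choice of AIP-E100 and AIP-E102 as alert-worthy are assumptions of this example.

```python
import json
import re

CODE_RE = re.compile(r"AIP-E(\d)\d{2}")
# Assumption of this example: these two envelope codes also raise an alert.
ALERT_CODES = {"AIP-E100", "AIP-E102"}  # INVALID_SIGNATURE, REPLAY_DETECTED

# Sample input: the error body shown at the top of this page.
SAMPLE = """{"verified": false,
 "errors": [{"code": "AIP-E202", "name": "MONETARY_LIMIT"},
            {"code": "AIP-E303", "name": "INTENT_DRIFT"}],
 "detail": "Transaction amount $5,200.00 exceeds per-txn limit of $1,000.00"}"""


def evaluate(status, body):
    """Return a decision for one verifier response; anything unexpected denies."""
    out = {"allow": False, "retry": False, "alert": False,
           "codes": [], "families": set()}
    if status == 429:
        out["retry"] = True  # rate limited: back off, then retry
        return out
    if status != 200:
        return out  # 4xx/5xx never count as a verification result
    try:
        doc = json.loads(body)
    except ValueError:
        return out
    if not isinstance(doc, dict) or not isinstance(doc.get("errors", []), list):
        return out
    errors = doc.get("errors", [])
    for err in errors:
        code = err.get("code") if isinstance(err, dict) else None
        code = code if isinstance(code, str) else None
        m = CODE_RE.fullmatch(code) if code else None
        out["codes"].append(code)
        # Group by family digit (E1xx envelope, E2xx boundary, ...).
        out["families"].add(f"E{m.group(1)}xx" if m else "unrecognized")
    out["alert"] = any(c in ALERT_CODES for c in out["codes"])
    # HTTP 200 alone is not approval: require verified to be true and no errors.
    out["allow"] = doc.get("verified") is True and not errors
    return out


if __name__ == "__main__":
    print(evaluate(200, SAMPLE))
```

A string "true", a missing "verified" field, or a non-empty "errors" list alongside verified: true all result in a deny.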

Rate Limits

Rate limits are applied per IP or per API key. Every response includes rate limit headers.

| Tier | Limit | Window |
|---|---|---|
| IP (unauthenticated) | 60 requests | 1 minute |
| API Key | 300 requests | 1 minute |
| Login attempts | 10 attempts | 5 minutes |