FeatureGate

Errors and fallbacks

Handle auth failures, rate limits, missing flags, and stale snapshots.

Defaults are the contract

Every evaluation takes an explicit default, so a flag check always returns a defined value — even before the first snapshot loads or during a network blip. The typed helpers never throw on transient failures; they fall back to your default.

Recoverable failures

The server SDK treats transient network failures, 429, and 5xx responses as recoverable. It keeps serving the last successful snapshot when it has one and returns caller defaults before the first snapshot is ready. Auth and validation failures are surfaced as configuration problems and are not cached as successful refreshes.

The Browser and React SDKs also return caller defaults for transient evaluation failures. They throw typed errors for authentication, origin, and request-shape problems so you can fix the client key, allowed origins, or flag request.

Generated reference pages show each endpoint's success response and shared API error envelope. Start with POST /v1/evaluate for the runtime error shape.

Status codes

  • 401: missing, malformed, revoked, or unknown runtime key.
  • 403: valid key without the required runtime scope.
  • 403 CLIENT_ORIGIN_FORBIDDEN: browser client key used from a missing or disallowed origin.
  • 429: rate limit exceeded. Retry after the indicated delay.
  • 400 or 413: request shape or payload size failed validation.

Management routes use the same error envelope, but with management-key auth and scope checks. A server runtime key, browser client key, or console session cookie is not a management credential.

Next steps