Errors & rate limits

Errors & rate limits

All error responses use the same JSON envelope:

{
  "success": false,
  "error": "Human-readable explanation",
  "code": "MACHINE_READABLE_CODE"
}

Error codes

HTTPCodeWhenAction
404NOT_FOUNDToken unknown or revoked by the founderAsk the founder for a new share link
410EXPIREDToken past share_expires_atAsk the founder to create a new link (7-day default)
422VALIDATION_ERRORMissing token in URLCheck request path
429RATE_LIMITED> 60 requests/minute per IP per tokenBack off; retry after 60 seconds
503STATUS_UNAVAILABLEAPI temporarily disabledRetry later; contact support if persistent
503RATE_LIMIT_UNAVAILABLERate limiter unavailable (production)Retry shortly
500STATUS_ERRORInternal assembly failureRetry; contact support if persistent

Rate limits

LimitValue
Requests per minute60
ScopePer client IP and per token
WindowRolling 60-second window

When rate limited, you receive 429 with code RATE_LIMITED.

Best practice: cache responses for at least 15 minutes in screening pipelines. Compliance scores change when founders update their Klarify profile — not on every API call.


CORS

The API is intended for server-to-server integration. Browser-side calls from your web app may be blocked by CORS unless your origin is allowlisted. Call the API from your backend.


Idempotency

GET requests are safe and idempotent. Each successful call increments meta.view_count (audit trail for founders).


Support

Issues with tokens, missing data, or integration questions:

Email: [email protected]

Include the HTTP status code and code field — do not send full tokens in support emails; send the first 8 characters only.