The header
Full request example
202 Accepted confirms the event was enqueued, not that it has been fully processed. Vibefollow’s ingest pipeline is asynchronous — the event lands in your project’s event stream within a few hundred milliseconds.Failure modes
403 Forbidden
403 Forbidden
Key valid but doesn’t authorise access to the resource (e.g. wrong project).
422 Unprocessable Entity
422 Unprocessable Entity
Request body failed validation.
errors[0].field names the offending field.429 Too Many Requests
429 Too Many Requests
Rate limited. Respect the
Retry-After header.5xx Server error
5xx Server error
Safe to retry — the
Idempotency-Key prevents duplicates.Idempotency in detail
TheIdempotency-Key is required on every mutating request — the SDK auto-generates one if you don’t pass it. The backend dedupes within a 24-hour window keyed by (project_id, idempotency_key).
CORS
The API does not sendAccess-Control-Allow-Origin headers. The browser cannot call Vibefollow directly — build a server proxy if you need browser-originated events.
TLS
HTTPS only. Plaintext HTTP requests are refused at the edge with a redirect tohttps://. TLS 1.2+ required. We do not support TLS 1.0/1.1.