Errors
What the Intelligence service raises internally versus what API clients typically see in JSON responses — including behavior for /v1/keys and related auth paths.
Intelligence app
HTTPException envelope
For normal HTTPException, the global handler maps status to a generic JSON body and does not forward route-specific detail (for example Key not found):
{
"error": {
"code": "<ENUM>",
"message": "<short generic string>"
}
}Rough mapping:
Validation
RequestValidationError & bad JSON
For RequestValidationError and invalid JSON shape on POST /v1/keys:
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid request"
}
}Status 422.
For DELETE /v1/keys/{id}when the key isn't yours or doesn't exist, the handler still returns 404with the generic "Not found" message. Route-specific detail (e.g. code NOT_FOUND, message Key not found) in routes.py is not what the Intelligence client JSON exposes.
/v1/keys
Errors that matter (by status)
Situations you should model against when integrating key management:
402
Not from /v1/keys
402 is raised in job_quota.check_credit_quota when submitting paid-tier / credit-consuming jobs with an API key (for example drawings or specs jobs), e.g. free tier lifetime credits exhausted (FREE_TIER_LIMIT_REACHED in code detail). Creating or listing keys does not call check_credit_quota, so you should not expect 402 on POST, GET, or DELETE /v1/keys in the current code.
429
Not on /v1/keys (current rate-limit list)
RequestRateLimitMiddleware only rate-limits specific POST paths (/v1/documents, /v1/specs/..., /v1/drawings/..., /v1/batches). /v1/keysis not in that set, so those Redis limits don't apply to key minting. (You could still hit other infrastructure limits.)
403
Elsewhere in the API
Not commonly emitted by the keys router itself; the Cognito path uses 401 for auth failures. 403appears elsewhere in the codebase for "forbidden" cases on other routers.
Next steps