Error Reference
Every error from the Curate-Me gateway follows a consistent JSON shape:
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded: 60 requests/min for key cm_sk_xxx",
"request_id": "req_01hwz3kj4p5qm8n9v2t6y7",
"governance_stage": "rate_limit",
"retry_after": 14
}
}| Field | Type | Description |
|---|---|---|
code | string | Machine-readable error code |
message | string | Human-readable explanation |
request_id | string | Use this when filing a support ticket |
governance_stage | string | Which governance stage rejected the request (gateway errors only) |
retry_after | integer | Seconds to wait before retrying (429 only) |
Quick lookup
401 Unauthorized402 Payment Required403 Forbidden409 Conflict422 Unprocessable Entity429 Too Many Requests5xx Server Errors
Error codes by governance stage
| Stage | Common error codes | HTTP status |
|---|---|---|
| Auth | invalid_api_key, api_key_revoked, org_suspended | 401 |
| Plan enforcement | plan_limit_exceeded, trial_expired | 402 |
| Body size | body_too_large | 413 |
| Rate limit | rate_limit_exceeded | 429 |
| Cost estimate | budget_exceeded, daily_limit_exceeded | 402 |
| Budget hierarchy | org_budget_exceeded, team_budget_exceeded, key_budget_exceeded | 402 |
| Runner session | session_budget_exceeded | 402 |
| PII scan | pii_detected | 403 |
| Content safety | prompt_injection_detected, jailbreak_detected | 403 |
| Security scan | security_violation | 403 |
| AI security classifier | — (reduces false positives from content safety) | — |
| Model allowlist | model_not_allowed | 403 |
| HITL gate | hitl_approval_required | 202 (pending, not an error) |
Every error response includes X-CM-Request-Id in the headers. Always include this value when contacting support.