Request lifecycle
Every API request you send to ErynoaGroup goes through the following steps:Authentication
Your API key is validated. If the key is missing, expired, or lacks the required scope, the request is rejected with a
401 or 403 error immediately.Rate limit check
Your remaining request quota is checked. If you’ve exceeded your limit, a
429 response is returned with a Retry-After header indicating when you can try again.Request processing
ErynoaGroup processes your request — creating, reading, updating, or deleting the resource you specified.
Webhook delivery
When an event occurs in ErynoaGroup that matches your webhook subscription, the platform:- Constructs a JSON payload describing the event
- Signs the payload with your webhook secret using HMAC-SHA256
- Sends an HTTP POST to your configured endpoint
- Waits up to 10 seconds for a
2xxresponse - Retries failed deliveries up to 5 times with exponential backoff (1s, 2s, 4s, 8s, 16s)
ErynoaGroup considers any
2xx response a successful delivery. Return a 200 OK immediately and process the event asynchronously to avoid timeout failures.API versioning
All endpoints are versioned under/v1/. ErynoaGroup maintains backward compatibility within a major version — new fields may be added to responses, but existing fields will not be removed or renamed without advance notice.
When a breaking change is necessary, a new version (e.g., /v2/) is introduced alongside the existing version, with a migration guide and a deprecation timeline.
Idempotency
ForPOST requests that create or modify resources, you can supply an Idempotency-Key header. If ErynoaGroup receives two requests with the same key within 24 hours, the second request returns the cached result of the first — preventing duplicate operations.
Data retention
- API logs are retained for 30 days
- Webhook delivery logs are retained for 30 days
- Resource data is retained as long as your account is active