Purpose
This page documents wrapper and utility patterns used by Evento services so integrators can mirror behavior.
These snippets are representative references, not a published SDK contract.
Public API auth wrapper pattern
export function withUnkeyAuth(handler: Function, options?: {
requiredPermissions?: string[]
}) {
// Validates API key through Unkey
// Checks permissions (for example events:read)
// Enforces rate limit policies
// Returns 401 / 403 / 429 on failure
}
x-evento-api-key header (preferred)Authorization: Bearer {key} (alternative)
Embed API CORS wrapper pattern
export const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type',
};
export function embedResponse<T>(data: T, message: string, status = 200) {
return new Response(JSON.stringify({ success: true, message, data }), {
status,
headers: corsHeaders,
});
}
Response utility pattern
export const handle200 = (data: any, message: string) =>
NextResponse.json({ success: true, message, data }, { status: 200 });
export const handle401 = () =>
NextResponse.json({ success: false, message: 'Not authenticated.' }, { status: 401 });
export const handle404 = () =>
NextResponse.json({ success: false, message: 'Resource not found.' }, { status: 404 });
export const handle429 = () =>
NextResponse.json({ success: false, message: 'Too many requests. Please try again later.' }, { status: 429 });
Operational tips
Keep contracts stable
Preserve success, message, and data envelope consistency across all handlers.
Log with context
Include actor, endpoint, and request identifiers in server logs for audit and debugging.
Do not expose API keys
Keep keyed requests on trusted backend infrastructure.
Prefer explicit validation
Validate path/query/body before data fetches to avoid noisy 500s.
Next steps
