Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.evento.so/llms.txt

Use this file to discover all available pages before exploring further.

Purpose

This page documents wrapper and utility patterns used by Evento services so integrators can mirror behavior.
These snippets are representative references, not a published SDK contract.

Public API auth wrapper pattern

export function withUnkeyAuth(handler: Function, options?: {
  requiredPermissions?: string[]
}) {
  // Validates API key through Unkey
  // Checks permissions (for example events:read)
  // Enforces rate limit policies
  // Returns 401 / 403 / 429 on failure
}
Accepted key sources:
  1. x-evento-api-key header (preferred)
  2. Authorization: Bearer {key} (alternative)

Embed API CORS wrapper pattern

export const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type',
};

export function embedResponse<T>(data: T, message: string, status = 200) {
  return new Response(JSON.stringify({ success: true, message, data }), {
    status,
    headers: corsHeaders,
  });
}

Response utility pattern

export const handle200 = (data: any, message: string) =>
  NextResponse.json({ success: true, message, data }, { status: 200 });

export const handle401 = () =>
  NextResponse.json({ success: false, message: 'Not authenticated.' }, { status: 401 });

export const handle404 = () =>
  NextResponse.json({ success: false, message: 'Resource not found.' }, { status: 404 });

export const handle429 = () =>
  NextResponse.json({ success: false, message: 'Too many requests. Please try again later.' }, { status: 429 });

Operational tips

Keep contracts stable

Preserve success, message, and data envelope consistency across all handlers.

Log with context

Include actor, endpoint, and request identifiers in server logs for audit and debugging.

Do not expose API keys

Keep keyed requests on trusted backend infrastructure.

Prefer explicit validation

Validate path/query/body before data fetches to avoid noisy 500s.

Next steps

Examples

Practical snippets using these patterns in integrations.

Authentication

Header patterns, CORS rules, and auth failure handling.