Ingress gate
Validate payload
Runtime ingress gate — validate a JSON payload against a pinned consumer profile before automation writes or branches.
Authentication
Authorization: Bearer dg_… or trial header X-DriftGuard-Trial. Free tier without API access returns 403.
Request body
{
"payload": { "id": 1, "email": "user@example.com" },
"profile": {
"id": "shopify-webhook",
"version": 1,
"schema": {
"type": "object",
"required": ["id", "email"],
"properties": {
"id": { "type": "integer" },
"email": { "type": "string", "minLength": 3 }
}
}
},
"options": {
"profileMode": "hosted",
"mode": "block"
}
}
Profile max 64KB · body max 256KB. Payloads are not stored — only metadata is metered.
Responses
200 — valid payload, or mode: warn with ok: false.
422 — validation failed in block mode.
402 — monthly quota exceeded · 429 — burst limit · includes upgrade URLs.
Headers: X-DriftGuard-Correlation-Id, X-DriftGuard-Validations-Remaining.
Quotas
- Trial: 500 validations/month
- Pro / Critical: 25,000/month · 60/min burst
- Fleet / Fleet+: 100,000/month · 120/min burst
Offline equivalent: driftguard validate CLI or MCP validate_payload (no API key when profile is inline).
Related
- Preflight — egress drift status for watches
- Automation ingress solution
- Developers portal