Error Handling
The API uses standard HTTP status codes and returns errors in a consistent JSON format.
Error Response Format
```json
{
  "ok": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "Human readable error message"
  }
}
```
HTTP Status Codes
| Status | Description |
|---|---|
| 200 | Success |
| 400 | Bad request - invalid CVE ID format |
| 401 | Unauthorized - missing or invalid API key |
| 404 | Not found - CVE does not exist in NVD |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
| 504 | Gateway timeout - LLM processing took too long |
Common Errors
Invalid API Key
```json
{
  "ok": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked"
  }
}
```
Solution: Get a new API key from the dashboard.
CVE Not Found
```json
{
  "ok": false,
  "error": {
    "code": "CVE_NOT_FOUND",
    "message": "CVE-2099-99999 was not found in the NVD database"
  }
}
```
Solution: Verify the CVE ID is correct. New CVEs may take a few hours to appear in NVD.
Rate Limited
```json
{
  "ok": false,
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Try again in 60 seconds."
  }
}
```
Solution: Wait for the rate limit window to reset, or implement exponential backoff.
Invalid CVE Format
```json
{
  "ok": false,
  "error": {
    "code": "INVALID_CVE_FORMAT",
    "message": "CVE ID must be in format CVE-YYYY-NNNNN"
  }
}
```
Solution: Use the correct format: `CVE-` followed by a 4-digit year, a hyphen, and at least 4 digits.
Retry Strategy
For transient errors (5xx status codes), implement exponential backoff:
```python
import time

import httpx


def get_cve(cve_id: str, api_key: str, max_retries: int = 3):
    """Fetch a CVE, retrying on 429 and 5xx with exponential backoff."""
    for attempt in range(max_retries):
        try:
            response = httpx.get(
                f"https://wtfisthiscve.com/api/cve/{cve_id}",
                headers={"X-API-Key": api_key},
                timeout=120.0,
            )
            if response.status_code == 429:
                # Rate limited - wait and retry
                time.sleep(2 ** attempt)
                continue
            response.raise_for_status()
            return response.json()
        except httpx.HTTPStatusError as e:
            if e.response.status_code >= 500:
                # Transient server error - back off (1s, 2s, 4s, ...) and retry
                time.sleep(2 ** attempt)
                continue
            # Other 4xx errors will not succeed on retry
            raise
    raise Exception("Max retries exceeded")
```
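The retry decision can also be driven by the error envelope rather than the status code alone, with the CVE ID checked locally before it is placed in the request URL. The following is an added example, not code from the API's own documentation or client; the function names, the strict uppercase match, and the 60-second cap are assumptions.

```python
import json
import random
import re

# CVE-YYYY-NNNN...: 4-digit year, hyphen, at least 4 digits (format from this page).
# [0-9] rather than \d so non-ASCII digits are rejected; uppercase-only is an assumption.
CVE_ID_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")
# Error codes documented on this page that a retry cannot fix.
PERMANENT_CODES = {"INVALID_API_KEY", "CVE_NOT_FOUND", "INVALID_CVE_FORMAT"}


def is_valid_cve_id(cve_id) -> bool:
    """Check the ID locally before it is interpolated into the request URL."""
    return isinstance(cve_id, str) and CVE_ID_RE.fullmatch(cve_id) is not None


def parse_error(body):
    """Return (code, message) from the error envelope, or (None, None)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None, None  # e.g. an HTML error page from an intermediate proxy
    if not isinstance(doc, dict) or doc.get("ok") is not False:
        return None, None
    err = doc.get("error")
    if not isinstance(err, dict):
        return None, None
    return err.get("code"), err.get("message")


def should_retry(status: int, body) -> bool:
    """Retry only 429 and 5xx, and never a documented permanent error."""
    code, _ = parse_error(body)
    if code in PERMANENT_CODES:
        return False
    return status == 429 or status >= 500


def backoff_delay(attempt: int, base: float = 1.0, cap: float = 60.0) -> float:
    """Exponential backoff with full jitter; the cap is an assumed value."""
    return random.uniform(0, min(cap, base * 2 ** attempt))


if __name__ == "__main__":
    # Constructed sample: the RATE_LIMITED body shown on this page.
    sample = '{"ok": false, "error": {"code": "RATE_LIMITED", "message": "Rate limit exceeded. Try again in 60 seconds."}}'
    print(should_retry(429, sample), round(backoff_delay(2), 2))
```

Jitter spreads retries from many clients so they do not all hit the API again at the same instant after a rate-limit window resets.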