Limits and errors
The billing gate, the error response shape, and every error code Backup returns.
Billing gate
Operations that create billable work — creating datasources, policies,
and destinations, setting credentials, and queueing backups — are
refused with 402 ORG_BLOCKED while your organization is blocked
over unpaid invoices (see
Platform → Billing → Dunning). Two
deliberate softenings:
- Reads, downloads, and deletion keep working. Access to backups you've already paid for is never held hostage.
- Schedules skip, they don't pile up. While blocked, the scheduler advances past due slots without enqueueing jobs; after unblocking, backups resume at the next regular slot with no catch-up burst.
Rate and concurrency behaviour
Backup doesn't rate-limit dashboard/API calls in the usual sense. Concurrency is handled by design instead: jobs queue and are dispatched within seconds, parallel jobs on one datasource are allowed, and duplicate scheduled jobs for the same slot are impossible (enqueueing is idempotent per attachment + slot). Platform-wide quotas live in Platform → Limits.
Error response shape
{
"type": "VALIDATION_FAILED",
"msg": "see fields",
"fields": { "keepLastN": "must be >= 1" },
"timestamp": "2026-07-10T12:00:00Z"
}type is stable and for your code; msg is human-readable; fields
appears on validation failures with one message per offending field.
Error codes
| HTTP | type | Meaning |
|---|---|---|
| 400 | INVALID_PAYLOAD | The request body didn't parse or is structurally wrong. |
| 400 | VALIDATION_FAILED | Field-level validation failed — check fields. |
| 401 | UNAUTHORIZED | Token missing, malformed, expired, or wrong audience. |
| 402 | ORG_BLOCKED | Organization blocked for unpaid invoices — see above. |
| 403 | FORBIDDEN | Authenticated, but not allowed to perform this action. |
| 404 | NOT_FOUND | The resource doesn't exist — or belongs to a different organization (deliberately indistinguishable). |
| 409 | CONFLICT | State conflict: a job is queued/running (datasource or backup deletion), the policy is still attached (policy deletion), the destination is still referenced (destination deletion), or the attachment already exists. |
| 500 | INTERNAL_ERROR | Unexpected server error. Failures are logged with a reference ID included in msg — quote it when contacting support. |
| 501 | (no body) | Reserved endpoint for a flow that isn't shipped yet — currently the two-step overwrite approval (POST /restores/{id}/approve-overwrite); overwrite restores use confirmOverwrite: true instead. |
Two endpoints — the
connection test and
the download link — report
domain failures with HTTP 200 and an ok: false body carrying their
own errorCode, because "your database rejected us" isn't an API
error.
Status
Live platform status: status.norcube.com. Backup's background machinery is built to self-heal across incidents — queued jobs are dispatched when workers return, and stuck jobs are reconciled against actual container state rather than timeouts.