Skip to main content
CoverGuard
All guides

Troubleshooting

Troubleshooting: Integrations & the API

Fix a locked Integration Hub, a failed OAuth callback, an auto-map that can't reach your API, a lost API key or signing secret, and webhooks that aren't arriving.

How-to guides: Integrations, Developer / Partner API.

Integration Hub / connectors

"Integration Hub is locked." Integrations require a Professional (paid) tier. See Billing & plans.

"The OAuth callback failed / 'state expired.'" The connector OAuth state is short-lived (~15 minutes) and a stale callback is rejected. Just restart the connection from Sys Admin → Integration Hub.

"Auto-map can't reach my API URL." The ingest fetch is SSRF-guarded — private, loopback, link-local, and CGNAT hosts are blocked, and redirects aren't followed. It's also time-boxed and size-capped. If your spec is on an internal-only host or is huge, use pasted spec text instead of a URL, or a public OpenAPI URL.

"Auto-map produced a weird mapping." The mapping is a proposal — review and edit it before saving. Nothing syncs from a proposal alone; mapping never moves data on its own.

"Sync isn't flowing after connecting." Confirm you created an Integration (the connection alone doesn't define what syncs) and that the mapping is saved/attached. Vault-backed token storage for some providers is still gated, so a provider may connect for discovery/mapping without persisting tokens yet.


Partner API keys

"The Developer tab is locked." API access is Team-tier. See Billing & plans.

"I lost my API key / signing secret." Both the raw API key and the webhook signing secret are shown once at creation — CoverGuard only stores a hash/prefix. If you lost it, rotate the key (or recreate the webhook) to get a fresh one.

Error responses:

ErrorMeaningFix
403 KEY_NOT_APPROVEDApproval is required and this key isn't approvedAn admin approves it
403 SUBSCRIPTION_INACTIVEOwning account lapsed/downgraded below TeamRestore the plan
403 FORBIDDEN_SCOPEKey lacks the scope for that callUse a key with the scope
429 + Retry-AfterPer-key rate limit or monthly quota hitBack off / raise quota
503 QUOTA_UNAVAILABLEUsage accounting temporarily unavailable and the key fails closedRetry shortly

Webhooks

"My webhook isn't receiving events." Check, in order:

  1. The endpoint is HTTPS and returns 2xx quickly.
  2. The event filter includes the event type you expect.
  3. The endpoint is active.
  4. The per-endpoint delivery log (with retries) — it shows attempts and failures.

"How do I verify a delivery is really from CoverGuard?" Every delivery is HMAC-SHA256 signed with your endpoint's signing secret — verify the signature on your side using that secret.

"Team member changes aren't reaching my system." team.member.invited/updated/removed webhooks fire to the owner's registered endpoints; confirm the endpoint is registered under the account that owns the org.

Now AI-native

From hazard report to real carrier quotes & pricing

The CoverGuard Advisor reads the risk, finds the carriers writing it, and pulls back live quotes — with every number sourced and auditable.