Document HTTP status codes for legacy web services

[oschwald]

Draft — do not merge until the service change has shipped to production.

This is the public-docs companion to the MaxMind internal service change tracked
as STF-67 (internal PR #44529). It documents a customer-facing behavior change;
it should be merged only once that change is live in production.

Customer-facing behavior change

The legacy web services now return meaningful HTTP status codes for
authentication and funds errors. Previously these conditions were reported only
as an error-code string in the response body (with a 200 OK status). Now:

• minFraud Legacy and the shared proxy detection path: authentication
  failure -> 401 Unauthorized; account out of queries -> 402 Payment Required.
• GeoIP Legacy: missing/invalid license key -> 401 Unauthorized; account
  out of queries -> 402 Payment Required (newly added).
• IP-not-found deliberately still returns 200 OK (not 404), to avoid
  breaking existing integrations. Other warnings also continue to return 200.
• The response body and its error-code strings are unchanged. In particular,
  for GeoIP Legacy an out-of-queries condition still returns the body error code
  INVALID_LICENSE_KEY; only the HTTP status line changed (now 402).

This lets customers detect these conditions at the HTTP layer (for example, with
an edge or CDN rule) without parsing the response body.

Files changed

• content/geoip/docs/web-services/legacy.md
• content/minfraud/minfraud-legacy.md
• content/minfraud/proxy-detection.md

The modern GeoIP2/minFraud REST documentation (responses.md) already documents
401/402 and is not affected by this change.

---

Opened by Claude, on Greg's behalf.

Generated with Claude Code

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b1165fe5-0569-4d6e-967a-e57c0986f63f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch greg/stf-67-legacy-web-service-http-status-codes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying dev-site with    Cloudflare Pages

Latest commit:	16b6892
Status:	✅  Deploy successful!
Preview URL:	https://93cf6dbd.dev-site-4ua.pages.dev
Branch Preview URL:	https://greg-stf-67-legacy-web-servi.dev-site-4ua.pages.dev

View logs

[gemini-code-assist]

Code Review

This pull request adds documentation about HTTP status codes to the legacy GeoIP, minFraud, and Proxy Detection web services documentation pages. The new sections explain how HTTP status codes (such as 200, 400, 401, 402, and 5xx) are used to indicate specific error conditions. Feedback on the changes suggests fixing an inline code block in legacy.md that is split across lines, which could cause rendering issues in some Markdown parsers.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The inline code block 402 Payment Required is split across lines 90 and 91. This can cause rendering issues or display an unexpected newline/space inside the code block in some Markdown parsers. Keeping the entire inline code block on a single line ensures correct rendering and better readability.

Suggested change

	`INVALID_LICENSE_KEY` error code; only the HTTP status differs (`402 Payment
	Required` rather than `401 Unauthorized`). The `IP_NOT_FOUND` case continues to
	`INVALID_LICENSE_KEY` error code; only the HTTP status differs
	(`402 Payment Required` rather than `401 Unauthorized`). The `IP_NOT_FOUND` case continues to

References

1. Technical identifiers such as method names, properties, and language keywords must be formatted as code using backticks when referenced in prose. ^(link)