Review a CometAPI chat completions contract
Last reviewed: 2026-05-09
Who this is for: on-call engineers, platform owners, and application teams reviewing an internal 2026-05-08 incident that involved CometAPI chat completions requests.
This checklist is not a claim that CometAPI had a public incident on 2026-05-08. It is a practical review guide for teams that logged their own incident on that date and need to verify whether their chat completions integration contract still matches the published API behavior.
For related integration notes, start from the CometAPI tutorials index and the tutorial posts archive. If you maintain internal runbooks, keep naming and editorial conventions aligned with the CometAPI tutorials editorial page.
Key takeaways
- Treat the chat completions contract as more than “the request returned HTTP 200.”
- Verify endpoint path, headers, request shape, response parsing, error handling, and token or billing assumptions separately.
- Use sanitized replay probes; do not replay raw customer prompts during incident review.
- Do not infer rate limits, pricing, model availability, or billing guarantees from an endpoint reference unless those details are explicitly documented there.
- Record any mismatch as either a client bug, documentation drift, deployment drift, or an unresolved vendor/account question.
Concise definition
A chat completions contract is the set of assumptions your client makes when calling the CometAPI chat completions endpoint: method, path, authentication, request fields, response fields, error semantics, streaming behavior, token usage fields, and operational limits. During an incident review, the goal is to prove which assumptions were valid at the time of failure and which ones need correction.
The supplied source for this review is the CometAPI API reference page for chat completions: https://apidoc.cometapi.com/api-13851472.
Incident review workflow
1. Freeze the incident evidence
Before changing code or retry behavior, capture:
- The incident window in UTC and local time.
- Request IDs from your gateway, load balancer, or application logs.
- Sanitized request bodies, with prompts, user data, secrets, and file references removed.
- Response status codes and response bodies.
- Timeout, retry, and circuit-breaker events.
- Deployment versions for the caller, gateway, SDK wrapper, and configuration.
- The CometAPI documentation URL and access date used for comparison.
Do not rely only on dashboard summaries. For contract review, you need request-level evidence.
2. Classify the failure mode
Use a narrow category for each failed request:
| Category | What to look for | Typical owner |
|---|---|---|
| Endpoint mismatch | Wrong base URL, method, or path | Platform/client team |
| Auth mismatch | Missing bearer token, expired key, key in the wrong environment | Platform/security |
| Request schema mismatch | Missing model, malformed messages, unsupported field, wrong token field | Application team |
| Response parser mismatch | Client expects a field that is optional, absent, renamed, or null | Application team |
| Timeout or retry mismatch | Retry policy amplifies load or retries non-retryable errors | Platform/SRE |
| Usage or billing assumption mismatch | Client assumes usage fields, rate limits, or cost behavior not proven by endpoint docs | FinOps/platform |
| Unknown external behavior | Evidence is insufficient or requires CometAPI support/account review | Incident commander |
3. Compare the client contract to the published endpoint
The CometAPI chat completions API reference is the source to check for the published endpoint contract: CometAPI API reference.
Do this comparison from production artifacts, not from memory:
- Extract one successful request and one failed request from the incident window.
- Redact user content and credentials.
- Compare method, path, headers, and JSON body to the API reference.
- Compare your parser expectations to the documented response schema.
- Mark each assumption as “supported,” “unsupported,” or “needs account/vendor confirmation.”
Contract details to verify
| Contract area | What to verify | Practical validation step | Source support |
|---|---|---|---|
| Endpoint paths | Confirm the client uses the documented chat completions method and path, commonly expected as POST /v1/chat/completions for OpenAI-compatible chat completion integrations. Confirm the current base URL from your environment configuration. | Inspect production gateway logs for method, host, and path during the incident window. Compare against the CometAPI endpoint reference before changing code. | CometAPI chat completions API reference: https://apidoc.cometapi.com/api-13851472 |
| Auth headers | Confirm requests include the required authorization mechanism, typically an Authorization: Bearer <token> header, and Content-Type: application/json for JSON requests. | Check redacted headers in gateway logs. Verify the key came from the intended environment and was not sent in a query string. | CometAPI chat completions API reference; your secret-management audit logs for actual key source |
| Request fields | Confirm required request fields such as model and messages are present and shaped as documented. Confirm optional generation fields used by your client are documented for the endpoint. | Validate one failed request body against the documented schema. Look for null messages, empty arrays, unsupported role names, or renamed token-limit fields. | CometAPI chat completions API reference for request schema |
| Response fields | Confirm your parser handles the documented response structure, including choices/message content and any usage fields if returned. Treat optional fields as optional. | Replay a sanitized request in a non-customer context and compare the raw response with parser expectations. | CometAPI chat completions API reference for response schema; your application logs for actual observed response |
| Error behavior | Confirm how your client handles non-2xx responses, validation errors, authentication errors, timeouts, and malformed responses. Do not retry all failures blindly. | Build a timeline of status codes. Separate auth/validation failures from transient transport failures. Confirm retry policy did not multiply traffic. | Endpoint reference where error examples are documented; production logs for incident-specific status and payloads |
| Rate-limit or billing assumptions | Do not assume rate limits, billing thresholds, or pricing from the chat completions endpoint page unless those are explicitly documented there. | Compare usage records, account dashboard exports, contract terms, or invoices. Keep pricing/rate-limit findings out of the endpoint-contract conclusion unless sourced. | Not established by the supplied evidence URL unless explicitly present there; verify with account documentation, dashboard, invoice, or CometAPI support |
Sanitized contract probe
Use a minimal probe only after confirming that running a test request is allowed in your environment. Replace the model with one approved for your account and keep the prompt synthetic.
curl -sS -X POST "$COMETAPI_BASE_URL/v1/chat/completions" \
-H "Authorization: Bearer $COMETAPI_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "REPLACE_WITH_APPROVED_MODEL",
"messages": [
{
"role": "system",
"content": "Return only valid JSON with keys status and echo."
},
{
"role": "user",
"content": "contract_probe_2026_05_08 redacted"
}
],
"temperature": 0,
"max_tokens": 32
}'
Validate the probe by checking:
- The request reaches the expected host and path.
- The authorization header is present and redacted in logs.
- The response is parseable by your production parser.
- The parser does not require fields that are absent or optional.
- Token usage fields, if returned, are recorded without assuming billing finality.
- Latency and timeout thresholds are compared to your own SLOs, not treated as universal thresholds.
Validation checklist for the incident record
Request contract
- The method and path in logs match the published chat completions endpoint.
- The base URL came from the expected environment.
- No traffic used stale preview, staging, or legacy routes unintentionally.
- The request body included the required fields documented for chat completions.
- Optional fields used by the client are documented or intentionally tolerated.
- Prompt and message content were redacted before sharing the incident packet.
Authentication contract
- The bearer token was present.
- The token belonged to the correct account or project.
- The token was not expired, revoked, rotated, or loaded from the wrong secret.
- The token was not logged in plaintext.
- Authentication failures were not retried as if they were transient capacity errors.
Response parsing contract
- The parser accepts the documented response object.
- Optional fields are treated as optional.
- Unknown fields do not break deserialization.
- Empty or refusal-like outputs are handled as application outcomes, not transport failures, unless the response status indicates failure.
- Streaming and non-streaming responses are parsed by separate code paths if both are used.
Error and retry contract
- 4xx validation or authentication errors are not retried automatically.
- Transport timeouts use bounded retries with jitter.
- Retry attempts preserve observability: original request ID, attempt number, and final outcome.
- Circuit breakers prevent an application loop from turning one endpoint issue into a wider outage.
- User-facing fallbacks are logged distinctly from provider responses.
Usage and accounting contract
- Usage fields are recorded only when present in the response.
- Internal token budgets are enforced before sending large prompts.
- Billing conclusions are confirmed through account-level billing records, not only response metadata.
- Any cost anomaly is assigned its own investigation item.
What to write in the post-incident note
Use short, testable statements:
- “During the incident window, 93% of failed requests used the documented path, while 7% used a stale route from service version X.”
- “Authentication failures began after secret rotation at 14:08 UTC; the retry policy incorrectly retried 401 responses.”
- “The endpoint returned a successful response, but our parser rejected it because
usagewas absent in one response variant.” - “Rate-limit and billing impact could not be concluded from endpoint documentation; follow-up assigned to account owner.”
Avoid vague statements such as:
- “CometAPI was down.”
- “The model failed.”
- “The API changed.”
- “Tokens were wrong.”
Those may be true or false, but they are not contract-level findings until supported by request, response, and source evidence.
FAQ
Is this a public outage report for 2026-05-08?
No. This is an internal incident review checklist for teams that had their own 2026-05-08 event involving chat completions traffic. It does not assert that CometAPI had a public outage.
Can we close the review if the endpoint returned HTTP 200?
Not by itself. A 200 response only proves the transport and endpoint accepted the request. You still need to validate response parsing, usage handling, application behavior, and whether the returned content satisfied your product contract.
Should we replay real customer prompts?
No. Use sanitized or synthetic probes. If a real trace is needed for debugging, minimize it, remove sensitive content, and follow your organization’s data-handling policy.
What if our SDK wrapper uses different field names?
Compare the raw request emitted by the SDK wrapper to the CometAPI API reference. The wrapper can use internal names, but the outbound JSON must match the endpoint contract.
How should we treat rate limits or pricing during this review?
Treat them as separate account-level questions unless the endpoint documentation explicitly defines them. Confirm rate-limit and billing findings through your dashboard, contract, invoice, or CometAPI account support.
What if the docs and production traces disagree?
Do not patch based on assumptions. Preserve the trace, document the mismatch, test a minimal sanitized request, and escalate with the exact method, path, timestamp, request ID, redacted body, status code, and response payload.
Sources checked
| Source | Access date | Purpose |
|---|---|---|
| CometAPI API reference for chat completions: https://apidoc.cometapi.com/api-13851472 | 2026-05-09 | Confirm the published chat completions endpoint contract, including method/path, request schema, response expectations, and documented operational behavior where available. |