Batch Ingestion & Streaming
High-volume agents can produce thousands of events per minute. MandateZ provides two endpoints for throughput-sensitive workloads:POST /api/events/batch— up to 1,000 signed events per request.GET /api/events/stream— Server-Sent Events for live consumption.
When to Use Batch vs. track()
A single
track() call is one HTTP round-trip per event. Batching 500 events
into one request cuts network overhead by ~500× and reduces Supabase load
proportionally.
Direct Batch Calls
Buffered track() (Background Flush)
Enable batchConfig to keep the ergonomic track() API while getting
batch-level throughput:
Buffering Config
Limits
Requests that exceed the per-request cap return
413 Payload Too Large.
Partition larger workloads into multiple trackBatch() calls. MandateZ
does not currently enforce a per-minute organization rate limit; if you
need one, front the endpoint with your own quota layer.
Response Shape
reason is always one of: schema_invalid, signature_invalid,
owner_mismatch, or http_error.
Real-Time Streaming (SSE)
For live dashboards, SOC monitors, or agent-to-agent observation, connect to the streaming endpoint:ready on connection, event for every newly inserted
AgentEvent, and heartbeat comments every 15s to keep proxies from closing
idle connections.
Authentication
Pass an API key in theAuthorization: Bearer mz_live_... header to gate
the stream. The key’s owner_id must match the owner_id query parameter
or the request is rejected with 403.
Reconnection & Gap-Close
Vercel caps long-lived SSE connections at plan-specific durations. BrowserEventSource reconnects automatically and includes the ID of the last
event it received in the Last-Event-ID header. MandateZ honours this
header: on reconnect, the endpoint first replays every event with a
timestamp strictly greater than the last event’s timestamp (matched by
event_id), then switches over to the live realtime subscription. Any
events emitted while the client was disconnected are delivered before
the stream resumes in real time.
For server-side consumers, set Last-Event-ID manually on reconnect
using the event.event_id of the most recent event you acknowledged.
Retry with exponential backoff on onerror.