Configuring Fail-Open vs. Fail-Closed Behavior
The API Failure Behavior setting controls what happens when the verification API is unreachable or when your monthly credits are exhausted. This guide explains both modes and helps you choose the right one for your site.
The Setting
Go to Settings > Age Verification and find the API Failure Behavior option. There are two choices:
- Fail open — allow visitors through unverified
- Fail closed — block visitors from accessing age-gated content
Fail Open (Default)
When the API is unreachable or credits are exhausted, visitors from age-gated regions are allowed through without verification. Your site remains fully accessible.
When to use fail open:
- Your site's availability is more important than strict age-gating.
- Your jurisdiction does not mandate age verification (you are implementing it voluntarily).
- You prefer to avoid losing visitors during temporary API outages.
- You are using the free plan and want your site to remain accessible even after credits run out.
What triggers fail-open behavior:
- Network error when connecting to the XYZ API
- API returning an error status (5xx server error)
- HTTP 402 response (credits exhausted)
- HTTP 403 response (site URL mismatch)
Fail Closed
When the API is unreachable or credits are exhausted, visitors from age-gated regions are redirected to an error page and cannot access your content.
When to use fail closed:
- Your jurisdiction legally requires age verification (e.g., UK Online Safety Act, certain EU regulations).
- You cannot risk unverified visitors accessing your content under any circumstances.
- Regulatory compliance outweighs potential traffic loss during outages.
What the visitor sees:
Visitors are redirected to the age gate page with an ?error=unavailable parameter. The age gate page shows a message explaining that verification is temporarily unavailable and asking them to try again later.
How Credit Exhaustion Is Handled
Credit exhaustion and API failures are handled the same way by this setting. When your free plan credits are used up for the month:
- Fail open: Visitors are allowed through. You may see unverified traffic until credits reset on the first of the month.
- Fail closed: Visitors are blocked. Your content is inaccessible until credits reset or you purchase additional credits.
In-Progress Verifications
If a visitor is already in the middle of a verification session when credits run out, their session is allowed to complete. Only new sessions are blocked. This prevents the frustrating experience of a visitor being cut off after they've already started scanning their face or document.
Making the Decision
Consider these factors:
Legal requirements — If age verification is legally mandated in your jurisdiction, fail closed is the safe choice. Allowing unverified visitors during an outage could expose you to regulatory risk.
Business impact — How much does downtime cost you vs. the risk of unverified access? For most voluntary implementations, fail open is preferable.
Credit management — If you're on the free plan, monitor your credit usage in Settings > Free Plan > Recent Verifications. If you regularly approach 100 credits, consider purchasing additional credit packs or upgrading to Pro.
Hybrid approach — Some operators use fail open during evaluation/testing and switch to fail closed for production deployment.
Monitoring
The verification API has high availability and redundancy. Outages are rare. You can check API status at any time:
- Go to Settings > Age Verification.
- The API Status indicator shows whether the API is currently reachable.
If you're using fail closed and notice your site is blocking visitors unexpectedly, check the API status and your credit balance.
Next Steps
