Skip to main content
Depending on user group size, there is typically a 1–2 week period of time in which the models require to silently gather data. Over this time, TOTAL automatically calibrates and tunes its models to your specific organization so that personas, drift detection, threat context, case generation, and related downstream resources can be returned with the right organizational baseline.

What This Means

When a domain is newly enabled for TOTAL, the platform needs an initial calibration period before certain higher-order resources are exposed. During that period:
  • TOTAL is building personas for the domain.
  • The API intentionally blocks specific routes that depend on those personas or on derived organizational behavior.
  • The blocked response is temporary and time-based.
  • The readiness state lasts until external_api_enabled_at_utc is reached.
In practice, clients should interpret this state as not ready yet, not failed.

Status Code

  • 423 Locked
TOTAL uses 423 Locked to indicate that the route exists and is recognized, but the requested resource is not yet available because the domain is still within the readiness window.

Blocked Response Shape

All routes return the same response structure while the models are converging. 
{
  "error": "resource_not_ready",
  "resource": "<cases|personas|threats|drift|integrations|audit>",
  "message": "TOTAL is building personas for this domain. This resource will be ready in <N> days.",
  "details": "<resource-specific not-ready text>",
  "days_until_ready": 12.34,
  "external_api_enabled_at_utc": "2026-04-15T00:00:00+00:00",
  "now_utc": "2026-04-02T15:12:40.123456+00:00"
}

Response Fields

error

Always returned as resource_not_ready. This is the canonical machine-readable signal that the resource is blocked by.

resource

Identifies the route group that is currently unavailable. The possible values are:
  • cases
  • personas
  • threats
  • drift
  • integrations
  • audit
This allows clients to handle blocked resources by type.

message

A human-readable explanation that the resource is still being prepared for the domain and will be ready in <N> days.

details

A route-group-specific explanation of what is not ready yet. This is the only descriptive field that varies by blocked resource type.

days_until_ready

A numeric estimate of the remaining time until the resource becomes available.

external_api_enabled_at_utc

The UTC timestamp when the training period will lift for the blocked routes.

now_utc

The current UTC timestamp at the time the response was generated.

How Clients Should Use This Response

When your client receives this response:
  1. Detect 423 Locked.
  2. Check whether error is resource_not_ready.
  3. Read resource to determine which resource family is unavailable.
  4. Use days_until_ready and external_api_enabled_at_utc to inform retry logic, UI messaging, or onboarding workflows.
  5. Treat the response as a temporary readiness condition rather than an application failure.
This is especially useful for customer onboarding, staged enablement, and external API consumers that need to distinguish between a blocked resource, a missing resource, and a server error.

Cases

Resource: cases Cases appear to depend on completed persona construction and domain-level behavioral context. Until the domain is ready, all listed case endpoints return the blocked response shape. Routes:
  • GET /api/v1/eris/cases
  • GET /api/v1/eris/cases/stats
  • GET /api/v1/eris/cases/{case_id}
  • GET /api/v1/eris/cases/{case_id}/versions
  • GET /api/v1/external/cases/feed
  • POST /api/v1/external/cases/{case_id}/verdict
details: 
Cases are not ready yet for this domain.

Personas

Resource: personas These endpoints are directly tied to persona availability, so they remain blocked until persona construction is complete for the domain. Routes:
  • GET /api/v1/eris/personas
  • GET /api/v1/eris/personas/{tuid}
  • GET /api/v1/eris/personas/{tuid}/history
details: 
Personas are not ready yet for this domain.

Threats

Resource: threats Threat events are blocked during the readiness phase, as they rely on domain-specific context or calibration before being surfaced externally. Routes:
  • GET /api/v1/external/threats
details: 
Threat events are not ready yet for this domain.

Drift

Resource: drift Drift endpoints remain blocked while TOTAL is still establishing baseline persona behavior for the domain. This is consistent with drift detection depending on a calibrated organizational norm. Routes:
  • GET /api/v1/eris/drift
  • GET /api/v1/eris/drift/{drift_id}
  • GET /api/v1/eris/drift/users/{tuid}
details: 
Drift events are not ready yet for this domain.

Integrations

Resource: integrations These integration-facing endpoints are blocked during readiness for this domain. Based on the route names, this likely covers integration status and signal visibility that are downstream of initial organizational calibration. Routes:
  • GET /api/v1/eris/integrations
  • GET /api/v1/eris/integrations/signals
  • GET /api/v1/eris/integrations/{connector_type}
details: 
Integrations are not ready yet for this domain.

Audit

Resource: audit Audit log endpoints are also gated during the training window for this domain. Routes:
  • GET /api/v1/eris/audit-logs
  • GET /api/v1/eris/audit-logs/{log_id}
details: 
Audit logs are not ready yet for this domain.

Routes Not Blocked by the Training Period

The following routes remain available even before personas are fully constructed:
  • Users routes: /api/v1/eris/users...
  • Admins routes: /api/v1/eris/admins...
  • External docs routes:
    • /api/v1/external/docs
    • /api/v1/external/docs/ui
This indicates that user management, admin workflows, and documentation access are available immediately, even while higher-level TOTAL resources are still being prepared.