ARIA Shield — FAQ

What is a zero‑token SPA?

The SPA keeps its session in httpOnly cookies; the BFF (Shield) holds tokens and brokers them per service. No tokens reside in the browser.

How do budget 402 responses work?

When a call would exceed the budget, Shield returns HTTP 402 with call_id, policy, remaining budget, and retry guidance. When a call is permitted, a hold is placed and then settled to actuals in the receipt.
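
The hold-then-settle flow described above, sketched as an added example (not ARIA Shield's own code). The field names remaining_budget, retry_after_s and status, the policy name, and all amounts are assumptions made for illustration; only call_id and policy come from this FAQ.

```python
# Added illustration, not ARIA Shield code. Field names other than
# call_id and policy are assumptions; all amounts are constructed.
import uuid
from dataclasses import dataclass, field


@dataclass
class BudgetLedger:
    limit: float                      # budget for the policy window
    policy: str = "example-policy"    # constructed policy name
    spent: float = 0.0                # settled actuals
    holds: dict = field(default_factory=dict)  # call_id -> held amount

    def remaining(self) -> float:
        # Open holds count against the budget, so concurrent calls
        # cannot collectively overspend before any of them settles.
        return self.limit - self.spent - sum(self.holds.values())

    def authorize(self, estimate: float, retry_after_s: int = 60) -> dict:
        call_id = str(uuid.uuid4())
        if estimate > self.remaining():
            return {"status": 402, "call_id": call_id, "policy": self.policy,
                    "remaining_budget": self.remaining(),
                    "retry_after_s": retry_after_s}
        self.holds[call_id] = estimate
        return {"status": 200, "call_id": call_id}

    def settle(self, call_id: str, actual: float) -> dict:
        # Swap the hold for the actual cost. An unknown or already settled
        # call_id raises KeyError, so a receipt cannot be settled twice.
        held = self.holds.pop(call_id)
        self.spent += actual
        return {"call_id": call_id, "held": held, "actual": actual,
                "remaining_budget": self.remaining()}


def demo() -> list:
    ledger = BudgetLedger(limit=10.0)
    first = ledger.authorize(6.0)    # permitted, hold of 6 placed
    second = ledger.authorize(6.0)   # denied: only 4 left while the hold is open
    receipt = ledger.settle(first["call_id"], 2.5)  # actual below estimate
    third = ledger.authorize(6.0)    # permitted: 7.5 remaining after settlement
    return [first, second, receipt, third]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The second call is refused even though nothing has been spent yet, because the open hold already reserves most of the budget; settling to the lower actual releases the difference.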

Can I cap streaming output?

Yes. The PDP can return constraints (e.g., stream_tokens_max, duration_ms_max), which Shield enforces by early‑stopping the stream.