Endpoint
GET /api/anti-cheat/status
Public, unauthenticated, CORS-open JSON. Designed to power "Nimbus is currently compatible" badges on community sites and third-party tools without scraping the /status page.
Response shape
{
"status": "ok",
"marvel_build": "6.68",
"marvel_build_detected_at": "2026-05-31T06:30:14Z",
"last_patch_at": "2026-05-31T06:30:14Z",
"nimbus_compatible_build": "w834",
"compatibility_confirmed_at": "2026-06-02T18:14:00Z",
"next_expected_check": "2026-06-04T06:30:00Z"
}
Fields
| Field | Type | Meaning |
|---|---|---|
status | "ok" | "verifying" | "down" | Three-state badge value. "ok" = current loader passes; "verifying" = Marvel just patched and we're rebuilding; "down" = active incident. |
marvel_build | string | null | Marvel Rivals semver string (e.g. "6.68") as seen by our daily Steam poller. null only on first-ever cron run. |
marvel_build_detected_at | ISO 8601 | null | Timestamp when Steam first published the current build. |
last_patch_at | ISO 8601 | null | Timestamp when the loader was last flipped to needs_retest. Currently equals marvel_build_detected_at; kept separate so we can divert them later. |
nimbus_compatible_build | string | null | Loader version (e.g. "w834") currently confirmed green. |
compatibility_confirmed_at | ISO 8601 | null | Timestamp when that loader version went stable. |
next_expected_check | ISO 8601 | Next time our daily Marvel build watcher will re-poll Steam. Daily at 06:30 UTC. |
Status mapping
status is derived from two internal signals:
nimbus:marvel:loader_statusin our KV store ("ok"or"needs_retest").- The build manifest's overall state (
"operational","degraded","incident").
| Internal state | Returned status |
|---|---|
Manifest overall = "incident" | "down" |
loader_status = "ok" (and no incident) | "ok" |
loader_status = "needs_retest" | "verifying" |
| KV unreachable / unknown | "verifying" |
Failure-soft by design — if our KV briefly hiccups, third-party badges show amber, not red.
Caching
Cache-Control: public, s-maxage=60, stale-while-revalidate=300
Marvel patches are detected at most once per day, so minute-level freshness is plenty. The five-minute stale-while-revalidate window keeps the badge serving the last known status even if our origin briefly stalls.
CORS
Access-Control-Allow-Origin: *
Read-only public data. No auth, no rate limit, no body, no cookies.
Example badge
A minimal HTML/JS badge that polls every five minutes:
<a id="nimbus-badge" href="https://getnimbus.net/status" target="_blank" rel="noopener">
<img alt="Nimbus loader status" />
</a>
<script>
(async function () {
const a = document.getElementById("nimbus-badge");
const img = a.querySelector("img");
const colors = { ok: "brightgreen", verifying: "yellow", down: "red" };
async function refresh() {
try {
const r = await fetch("https://getnimbus.net/api/anti-cheat/status", { cache: "no-store" });
const j = await r.json();
const c = colors[j.status] || "lightgrey";
img.src = "https://img.shields.io/badge/Nimbus-" + j.status + "-" + c;
a.title = "Marvel build " + j.marvel_build + " · loader " + j.nimbus_compatible_build;
} catch (e) { img.src = "https://img.shields.io/badge/Nimbus-unknown-lightgrey"; }
}
refresh();
setInterval(refresh, 5 * 60 * 1000);
})();
</script>
Stability
Contract is frozen for v1. We will only add fields — never rename or
remove existing ones. Breaking changes ship under /api/v2/anti-cheat/status.
Last updated: 2026-06-03.