Stack API Rate Limits
Stack enforces rate limits to ensure fair usage of our API and to maintain a high level of performance for all users. Every non-enterprise account is subject to the same rate limits, which are applied at both the IP address and API key levels. This guide explains the rate limits, how they are enforced, and what actions Stack reserves the right to take in case of violations.
Overview of Rate Limits
Rate limits are applied to the number of API requests you can make over a certain period of time. The primary goal is to prevent abuse and ensure that resources are available for everyone using the API. Rate limits for non-enterprise accounts are designed to allow normal usage but may restrict excessively high-volume operations.
Rate limits are subject to change. You can always check the headers of an API response to view your remaining limit.
How Rate Limits Work
- IP Address Level: Rate limits are enforced per individual IP address. This helps prevent abuse from a single IP sending an excessive number of requests.
- API Key Level: Each API key is also subject to rate limits. This means that if multiple users share the same API key, their combined usage will count towards the limit.
Current Rate Limits
For non-enterprise accounts, the following limits currently apply:
- Maximum Requests per Minute: 100 requests
- Maximum Requests per Hour: 1,000 requests
- Maximum Requests per Day: 10,000 requests
These limits are enforced strictly, and Stack may return a 429 Too Many Requests
error if the limits are exceeded.
Handling Rate Limit Errors
If you exceed the rate limit, the API will return a 429
status code along with the following response:
{
"status": "error",
"code": 429,
"message": "Rate limit exceeded. Please wait and try again."
}
To handle this error effectively, you should implement retry logic in your application. Make sure to introduce appropriate delays between retries to avoid hitting the limit again.
Violations and Account Actions
Stack reserves the right to take action against any account that attempts to manipulate or bypass the rate limits. This includes, but is not limited to:
- Blocking the IP address
- Suspending the API key
- Terminating the account
Actions are taken at Stack's discretion based on the severity of the violation.
Rate Limit Headers
You can monitor your rate limit usage by checking the headers in the API response. The headers include information about how many requests you have remaining, your limit, and when your limit will reset.
Common rate limit headers:
- X-RateLimit-Limit: Total number of requests allowed in the current time window.
- X-RateLimit-Remaining: Number of requests remaining in the current time window.
- X-RateLimit-Reset: Time when the rate limit window resets, in UTC.
By checking these headers, you can proactively manage your API usage and avoid exceeding the limits.