Rate limit

The API has a limited number of requests a client can make daily. These limits are counted per 24h and vary according to the type of authentication you use.

How does it work

Each time you make a request, the HTTP response headers will contain 3 headers wirh rate limit information:

X-RateLimit-Limit: <int>
X-RateLimit-Remaining: <int>
X-RateLimit-Reset: <int>

When you reach your daily limit of requests you will get a 403 response:

    'message': 'API rate limit exceeded, see http://developers.bratabase.com/rate-limit/ for details.'

Using your requests smartly

All the responses will contain an Etag header, make sure you always send that back in your request, that way you will get a 304 response and those don't affect your request count as long as the content has not changed.

Authentication types


An unauthenticated request is such made without any credentials, all the requests on the example to show how to access bra data are unauthenticated since we are not sending any identifier in them.

These kind of requests are limited to 30 a day.

With App credentials

These are the requests where your application ID and Secret are sent with the request so we can identify which application do these requests belong to.

These kind of requests are limited to 300 a day.

User authorization token

These requests are those that send a user's token in the request.

These kind of requests are limited to 100 a day.

Querying rate usage

When you visit the rate limit endpoint you will see a response with this shape:

    "body": {
        "base": {
            "reset": <int>, 
            "limit": <int>, 
            "remaining": <int>
    "links": {}, 
    "self": <url>, 
    "meta": {}, 
    "rel": "resource", 
    "spec": null

Visiting this URL will not consume your rate.

Special cases

These endpoints will not consume your daily usage:

How to get here

To reach this endpoint follow the rate_limit url under the links section on the API root.

API root -> rate_limit