Limitations

We use rate limiting and complexity limiting to prevent a single person from using too many API resources.

Rate limitation

We use the leaky bucket algorithm. The leaky bucket algorithm makes use of a queue that accepts and processes requests in a first-in, first-out (FIFO) manner. As requests get queued up, they are processed at a constant rate. This means that even when the server is hit with a burst of traffic, the outgoing responses are still sent out at the same rate. Once the queue is filled up, the server will drop any more incoming requests until space is freed up for more.

To help you keep track of the remaining amount, we send back 4 HTTP response headers for each request:

| Header | Description |
| --- | --- |
| Ratelimit-Limit | The maximum number of API requests you're permitted to make per hour. |
| Ratelimit-Policy | The number of requests allowed for a given number of seconds. |
| Ratelimit-Remaining | The number of API requests remaining in the current rate limit window. |
| Ratelimit-Reset | The time before the rate limit window resets in UTC epoch seconds. |

You can make up to 2000 requests per hour. The limitation is IP-based, but we may change it to user-based in the future.
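
The leaky bucket described above, sketched as a small simulation with one bucket per client IP. This is an added example, not the API's own implementation: the queue capacity of 3 and all class and function names are assumptions, and the sample requests are constructed.

```python
from collections import defaultdict, deque

REQUESTS_PER_HOUR = 2000   # limit stated on this page
QUEUE_CAPACITY = 3         # assumed queue size; the page does not state one

class LeakyBucket:
    """FIFO queue drained at a constant rate; requests beyond capacity are dropped."""

    def __init__(self, capacity=QUEUE_CAPACITY, per_hour=REQUESTS_PER_HOUR):
        self.capacity = capacity
        self.interval = 3600.0 / per_hour   # seconds between two processed requests
        self.queue = deque()
        self.next_leak = 0.0                # earliest time the next request may leave
        self.processed = []                 # (departure_time, request), FIFO order
        self.dropped = []

    def leak(self, now):
        """Process queued requests whose departure slot has been reached."""
        while self.queue and self.next_leak <= now:
            self.processed.append((self.next_leak, self.queue.popleft()))
            self.next_leak += self.interval
        if not self.queue:
            # An idle bucket does not bank unused slots for a later burst.
            self.next_leak = max(self.next_leak, now)

    def offer(self, now, request):
        """Queue a request arriving at `now`; return False if the queue is full."""
        self.leak(now)
        if len(self.queue) >= self.capacity:
            self.dropped.append(request)
            return False
        self.queue.append(request)
        return True

def simulate(arrivals, end_time):
    """arrivals: (time, ip, request) tuples sorted by time. One bucket per client IP."""
    buckets = defaultdict(LeakyBucket)
    for now, ip, request in arrivals:
        buckets[ip].offer(now, request)
    for bucket in buckets.values():
        bucket.leak(end_time)
    return buckets

# Constructed sample: a burst of six requests from one IP, one request from another.
SAMPLE = [(0.0, "192.0.2.10", f"req-{i}") for i in range(6)] + [(0.5, "192.0.2.20", "req-a")]

if __name__ == "__main__":
    for ip, b in simulate(SAMPLE, end_time=60.0).items():
        print(ip, "processed:", b.processed, "dropped:", b.dropped)
```

The burst is released one request every 1.8 seconds (3600 / 2000), the overflow is dropped, and the second IP is unaffected because it has its own bucket.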

Complexity limitation

Work in progress...
