3

From How API Keys Work (FAQ) I read that the limit of requests per day per IP is 300 without a registered key, or 10000 with it.

And this is what I see by experimenting myself: since I've not registered any key yet, quota_max is 300 for me (well, it was, before I emptied the quota_remaining thus running into the too many requests from this IP error which banned me out for more than 5 hours from now), just like explained in this answer.

However, in the Throttles documentation I see that

  • the quota_remaning is mentioned, so I'm inclined to think the page is about the same topic as the FAQ linked above,
  • but no 300 limit is mentioned;
  • instead, the limit of 10000 is stated whether or not "the application" has an "access_token",
  • the same 10000 limit the FAQ linked above associates to the requests made with the key.

As a further observation How API Keys Work (FAQ), which mention 300 as a limit, also links directly to throttles,

These limits are per user IP address, per-day, with some exceptions.

which doesn't mention 300 as a limit. I guess this is at least an inaccuracy in the doc?

4
  • 1
    Just some clarification: you can't use an access_token without also adding a key to the API request. The only added benefit of using an access_token is that the quota is tied to your access_token, not to your IP.
    – rene
    Commented Nov 14, 2021 at 10:52
  • Also relevant: stackapps.com/questions/9181/…
    – rene
    Commented Nov 14, 2021 at 10:54
  • So as long as I'm developing one app only from one IP only, I should be happy with they key, right?
    – Enlico
    Commented Nov 14, 2021 at 10:55
  • Yeah, having a key is convenient: stackapps.com/questions/8971/i-only-need-a-key-what-do-i-do
    – rene
    Commented Nov 14, 2021 at 10:56

1 Answer 1

2

Without a key the daily quota per IP-address is 300.

With a key the daily quota per IP-address is 10,000.

With an access_token and key (you can't use an access_token without a key) the daily quota per access_token is 10,000.

The throttle help page tries to generally explain which throttle measures exists to prevent abuse:

  • key / access_token for your app
  • backoff field in a response
  • caching

Not mentioned in the Throttle help page but present for real is per IP rate limiting on the SE network edge server (An HA-proxy server IIRC). When that rate-limit kicks-in you get HTTP errors in the 500 range and no guarantee the response body will adhere the API contract.

I don't think the Help page on throttle needs to include un-key-ed limit. It is a detail that doesn't change the goal or info that is available on that page.

Do note that on the aspect of throttling and responses the API is at best inconsistent. See this chat transcript to get some background (unfortunately two issues are discussed in that bookmarked part of the transcript, so you have to ignore the messages that are about the Post/Edit timeline).

2
  • I've kept learning and experimenting in the last month. I think I've hit the per IP rate limiting on the SE network edge server. The page reads: We're sorry... There are an unusual number of requests coming from this IP address. To protect our users, we can't process any more requests from this IP address right now. We'll restore access as quickly as possible, so try again soon. If you believe you have reached this page in error, contact us. I guess that's it?
    – Enlico
    Commented Dec 18, 2021 at 17:41
  • 1
    @Enlico yes, that is the ha-proxy that keeps your IP from reaching the actual webserver.
    – rene
    Commented Dec 18, 2021 at 19:27

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .