ICSSC LogoICS Student Council
Anteater API

Keys and Ratelimits

The ratelimits on Anteater API and how to obtain and use an API key

Rate Limits

You may use most features of Anteater API without requesting an API key. Requests made without keys are ratelimited on a per-IP basis and also draw from a global quota that is replenished on an hourly basis. If the global quota is exhausted, only requests with valid API keys will be accepted, so we recommend that you request an API key here.

When using a key to access Anteater API, you are bound by your own key-specific ratelimit instead of the global quota. Our goal with these rate limits is to support almost all applications while preventing abuse. We understand that student projects, especially those made for a hackathon, may experience sudden traffic spikes, and have ensured our rate limits are much higher than what is necessary for almost all applications. If your application requires a higher rate limit, we will evaluate your use case and may choose to increase your rate limit.

With that being said, we ask that all developers refrain from purposefully sending large amounts of requests in a short interval, or making malicious requests with the intent to exploit vulnerabilities in the API. We reserve the right to blacklist IP addresses making such requests.

If you do believe you have discovered a security vulnerability in Anteater API, please open an issue here. Since we do not serve sensitive data, there is no need to report such issues confidentially, nor is there an email address for such purposes.

Using your API key

Anteater API offers two types of keys, publishable keys and secret keys.

Publishable keys are intended to be used in client-side code and as such can be safely exposed in source code. We verify the identity of the client making the request using a publishable key by comparing the Origin header with the set of allowed Origin headers, which is provided by the user when requesting a publishable key. The Origin header is automatically provided by your HTTP library and cannot be modified.

Secret keys are intended to be used in server-side code, and should not be exposed since no additional verification is performed.

Regardless of the type of key, you'll have to send the key to the API in order to take advantage of its benefits. You must provide your API key as a bearer token in your requests. If you don't know what that means, that's okay. The following is a non-exhaustive list of code snippets for doing so using common HTTP libraries. If the library you're using isn't present below, please don't hesitate to open a pull request!

const res = await fetch(
  // or another endpoint
  "https://anteaterapi.com/v2/rest/websoc" +
    new URLSearchParams({
      year: "2023",
      quarter: "Spring",
      department: "COMPSCI",
    }),
  {
    headers: {
      Authorization: "Bearer YOUR_API_KEY_HERE",
      // other headers
    },
    // other options
  }
);

Previous

Attribution Policy

Next

API Versioning

On this page