Ratelimiting and Client Errors
The StackHawk API is available for users and organizations with the access to use it. Nonetheless, SpiderMan rules apply, and errors may occur.
Rate Limiting
API requests are rate-limited, with at most 360 requests per minute.
Some routes (such as the Login with API Key endpoint) may have lower limits. Users that exceed those limits will be served a 429 http response code.
don't be a jabroni
StackHawk would like to remind users and ethical hackers that denial of service attacks are not cool, and access to the API or platform will be rescinded for violations of the terms of service.
Client Errors
API Calls that fail due to client input will return 4xx status code.
400 Bad Request
400 Bad RequestThe server could not process this request, although it may have tried.
The JSON response body message will include details on what input was invalid.
401 Unauthorized
401 UnauthorizedThe server doesn't think you should be making this request.
This error is intentionally vague for security purposes, but any of the following could cause it:
- no authorization was provided
- authorization has expired
- authorization is insufficient for the requested resource
404 Not Found
404 Not FoundThe route or resource does not exist.
429 Too Many Requests
429 Too Many RequestsThe server thinks you've made enough requests for now.
Users can retry the requests again later.
Updated 4 days ago