Authentication and rate limits

How to authenticate REST API requests and how many calls you can make per minute.

Updated June 21, 2026

The Fiddle REST API uses API key authentication and applies per-minute rate limits to keep the service responsive for everyone.

Authenticate every request

Pass your API key as a bearer token in the Authorization header:

curl https://fiddle.io/rest/api/v2/sales-orders \
  -H "Authorization: Bearer YOUR_API_KEY"

A missing or invalid key returns 401 Unauthorized. Requests are scoped to the account that owns the key.

Rate limits

Limits depend on whether the request carries a valid API key:

| Request type    | Limit            |
|-----------------|------------------|
| With an API key | 100 requests/min |
| Without a key   | 20 requests/min  |

When you exceed the limit, the API returns 429 Too Many Requests. Wait before retrying.

Build in a small backoff: on a 429, pause briefly and retry. Spreading bulk jobs over time keeps you comfortably under the limit.

Handle errors

The API uses standard HTTP status codes:

| Status    | Meaning                            |
|-----------|------------------------------------|
| 200 / 201 | Success                            |
| 400       | Invalid request body or parameters |
| 401       | Missing or invalid API key         |
| 404       | Resource not found                 |
| 429       | Rate limit exceeded                |

Always send requests over HTTPS. Keys sent over plain HTTP are exposed in transit.
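The backoff, pacing and HTTPS advice above, as an added example that is not Fiddle's own code. The function names, retry count, delay values and the 50 requests/min pacing default are assumptions; the transport is injectable so the retry logic can be exercised offline.

```python
import time
import urllib.error
import urllib.request

BASE_URL = "https://fiddle.io/rest/api/v2"  # base of the curl example on this page


def https_send(url, api_key):
    """One GET with the bearer header; returns (status, body)."""
    if not url.startswith("https://"):
        # Never let the key leave over plain HTTP, even by misconfiguration.
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code, err.read()


def get_with_backoff(path, api_key, send=https_send, sleep=time.sleep,
                     max_retries=4, base_delay=1.0):
    """GET a path, retrying only on 429 with exponential backoff.

    Any other status, including 401, is returned at once: a rejected key
    does not become valid on retry. Retry count and delays are assumptions.
    """
    url = f"{BASE_URL}/{path.lstrip('/')}"
    for attempt in range(max_retries + 1):
        status, body = send(url, api_key)
        if status != 429 or attempt == max_retries:
            return status, body
        sleep(base_delay * 2 ** attempt)  # 1 s, 2 s, 4 s, 8 s


def paced(paths, api_key, per_min=50, send=https_send, sleep=time.sleep):
    """Run a bulk job at per_min requests/min (default: half the keyed limit of 100)."""
    results = []
    for path in paths:
        results.append(get_with_backoff(path, api_key, send=send, sleep=sleep))
        sleep(60.0 / per_min)
    return results
```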

Next steps

See common API recipes for ready-to-run examples.
