Add ratelimiting documentation on official endpoints

As a Roblox developer, it is currently too difficult to design 3rd party web services using non-OpenCloud APIs because they are often undocumented and missing information on ratelimits and restrictions based on certain endpoints.

If Roblox were to address this issue, it would be significantly easier to create 3rd party web (or other types) of applications because many of these services often struggle with trying to figure out the rate limits and/or the other restrictions (such as required headers).

In terms of ratelimits…

I have not yet found an API endpoint within the Roblox scope that clearly documents what the ratelimits are of an endpoints. For example, on this page:

This does not at all tell me how many times I can make a request a minute. Even on POST endpoints, there is no documentation of ratelimits:


Is there a ratelimit? If so, what is it? I wouldn’t know how many times I am allowed to make these requests.

In addition, there are no headers that tell you this either.

Twitter API uses the following headers:

  • X-Rate-Limit-Limit : the rate limit ceiling for that given endpoint
  • X-Rate-Limit-Remaining : the number of requests left for the 15 minute window
  • X-Rate-Limit-Reset : the remaining window before the rate limit resets, in UTC epoch seconds

These headers make it even easier to respect rate limits within your application. It would be great if these were added!

In terms of the “other” information…

There is also nothing that tells us what is allowed and what is not allowed.

For example, can I use proxies? Can I add custom headers? Can I use https/http? What will happen if I do any of this?

It’s a lot of guess and checking. Coming from someone who’s application has been banned from certain API endpoints at times, it’s impossible to know why, because the documentation does not tell you this.

In essence, us developers want to follow all limits Roblox wants to enforce. That’s completely fine! This post is not at all about changing this. But, if you want to put a restriction such as this onto the users of the API, please document it on the API’s docs endpoint!

Thanks! :slightly_smiling_face:



Hey @FxllenCode, thanks for asking about this. I asked around and unfortunately we don’t have any plans to document this for non-Open Cloud APIs, but for Open Cloud-enabled APIs this will be an objective going forward to clearly explain the rate limits and/or returning the kind of specific headers you are asking for, among other documentation.

The vision is that in the far future, we have all of the APIs that you want to use as a third-party on Open Cloud, thus benefitting from the design/documentation standards we are setting for these endpoints.

Regarding your question: the rate limits vary a lot depending on the subdomain, web product, or even specific endpoints you are hitting. There’s no global rate limit we could provide here or that we want to publicly document. Our advice is to be responsible and pace your applications to avoid unnecessary stress on the platform, but generally speaking you are unlikely to hit any limits unless you are doing very egregious work against our APIs.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.