Comment on page
Lingohub offers two authentication methods with our API:
- Token Authentication
- HTTP Authentication
curl -X GET https://api.lingohub.com/v1/projects?auth_token=cb26a0249f6953a...
HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header. The client sends the username and password as unencrypted, base64-encoded text. Because it is unencrypted, it should only be used with HTTPS, as the password can be easily captured and reused over HTTP. Luckily, Lingohub encrypts all communication with SSL.
For each request, the Lingohub API tries to return suitable HTTP status codes. Response codes for the REST API can be suppressed. Below is a list of status codes that are used:
- 200 OK: Success!
- 304 Not Modified: No new data was found.
- 400 Bad Request: Your request was not valid. There will be an explanatory error message.
- 401 Unauthorized: There are missing or incorrect authentication credentials.
- 403 Forbidden: Your request was understood, but it has been refused due to missing rights. There will be an explanatory error message.
- 404 Not Found: The URI requested is not valid or the requested resource, a project for example, does not exist.
- 406 Not Acceptable: If an invalid format is specified in the request the API will return this code.
- 429 Too Many Requests: If too many requests have been performed in a short time the API rate limit is exceeded and will return this code.
- 500 Internal Server Error: Please inform the Lingohub Support team who will investigate as something is damaged.
When the Lingohub API returns error messages, it does so in your requested format. For example, an error from a JSON method might look like this:
"error": "The 'page_size' parameter must be between 1 and 100 but was -1"
To protect Lingohub and our customers from abuse, the API usage is rate-limited, with additional fair use limits.
A rate limiter is implemented using a token bucket. The used algorithm is called Leaky Bucket.
Initially, your account has a bucket that can hold up to 100 tokens. Each request adds a token to your bucket. Once the bucket contains 100 tokens, any additional request will overflow the bucket and trigger the rate limit. The system will respond with an error code 429 – API rate limit exceeded. However, the bucket also “leaks” one token per second. This means new requests are possible every second.
In total, the system allows up to 3700 requests per hour with the possibility to burst up to 100 requests.
The response header displays how many API calls you have left. Be sure to check how many requests are still available to you before starting a large volume of requests.
Additionally, you can set pauses between the API calls. This way you can be sure that no limit will be reached either since one request per second will be freed up.
If you need any assistance implementing throttling, don’t hesitate to contact our support.