Authentication
Learn about authentication requirements for the Social Unlocks API.
Overview
The Social Unlocks API is designed to be simple and accessible. All documented endpoints are public and do not require authentication, making them easy to integrate into any application.
Public Endpoints
- Key Validation API
- Lockers by Username API
- No API keys needed
- No tokens required
All public endpoints are rate limited to prevent abuse and ensure fair usage for all developers.
Making Requests
Since no authentication is required, you can make requests directly to our API endpoints. Here's what you need to know:
All API requests should be made to this base URL followed by the specific endpoint path.
When making POST requests, include this header to specify the content type.
All API responses are returned in JSON format with appropriate HTTP status codes.
Rate Limiting
While no authentication is required, all endpoints are rate limited to prevent abuse:
| Endpoint | Rate Limit | Window |
|---|---|---|
| Key Validation API | 100 requests | Per minute per IP |
| Lockers API | 60 requests | Per minute per IP |
Rate Limit Headers
Rate limit information is included in response headers:
Handling Rate Limits
Important: If you exceed the rate limit, you'll receive a 429 status code. Please implement exponential backoff in your applications to handle rate limiting gracefully.
- Monitor rate limit headers in your responses
- Implement exponential backoff when you hit rate limits
- Cache responses when appropriate to reduce API calls
- Consider implementing request queuing for high-volume applications
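One way to combine the backoff and caching advice above, as an added example that is not part of the Social Unlocks documentation. The injected `send` callable, the request tuple and the endpoint path are assumptions, since this page does not show the base URL or the rate limit header names; the delays use exponential backoff with full jitter.

```python
import random
import time


class RateLimited(Exception):
    """Raised when the API still answers 429 after every allowed attempt."""


def call_with_backoff(send, request, *, cache=None, max_attempts=5,
                      base=0.5, cap=30.0, sleep=time.sleep, rng=random.random):
    """Call send(request) -> (status, body), retrying only on HTTP 429.

    send    : hypothetical transport callable wrapping your HTTP client.
    request : hashable description of the call, e.g. (method, path).
    cache   : optional dict; successful (200) responses are stored and reused
              so repeated lookups do not count against the per-IP limit.
    """
    if cache is not None and request in cache:
        return cache[request]

    for attempt in range(max_attempts):
        status, body = send(request)
        if status != 429:
            # Other errors are returned as-is: retrying them does not help
            # and only adds load.
            if cache is not None and status == 200:
                cache[request] = (status, body)
            return status, body
        if attempt < max_attempts - 1:
            # Full jitter: random delay in [0, min(cap, base * 2**attempt)]
            # so many clients behind one IP do not retry in lockstep.
            sleep(rng() * min(cap, base * 2 ** attempt))

    raise RateLimited(f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed transport: answers 429 twice, then 200.
    seen = []

    def fake_send(req):
        seen.append(req)
        return (429, None) if len(seen) < 3 else (200, {"valid": True})

    cache = {}
    req = ("GET", "/placeholder-endpoint")  # placeholder path, not a real route
    print(call_with_backoff(fake_send, req, cache=cache, base=0.01))
    print(call_with_backoff(fake_send, req, cache=cache), "calls:", len(seen))
```

In production, bound the cache by size and age so stale validation results are not served indefinitely.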
Future Authentication
Note: While current endpoints are public, we may introduce authenticated endpoints in the future for advanced features. We'll provide ample notice and documentation for any changes.