An update to Doorkeeper's API

Tuesday, March 01, 2016

Doorkeeper provides an API that allows developers to create applications that use our data. So far, we've had a pretty humble API, only offering data about the events. We're planning on extending it though, and as a first step, we'll be adding authentication to Doorkeeper's existing API.

Migrating an existing application to the authenticated API

If you've already made an application that is consuming the API, we've tried to make things as simple as possible for you.

  1. Register a developer application from your Doorkeeper account.
  2. Ensure your application is using SSL to access the API (i.e., accessing
  3. After creating an application, you'll be shown a "Public API Access Token". When making API requests, add an Authorization header with the value of Bearer your_token. See the API documentation for a more detailed example.

That's all there is to migrating your application.

Rate limiting

With authentication, we're also introducing rate limiting. Initially, we will be limiting authenticated requests at a rate of 300 requests per five minute and unauthenticated requests at 100 requests per five minutes. Unauthenticated requests are associated with your IP address. We'll be progressively decreasing the limit on authenticated requests per the following schedule:

  • March 31st, 2016 - 20 requests per five minutes
  • April 30th, 2016 - 5 requests per five minutes

Deprecation of unauthenticated API

We eventually plan to deprecate the unauthenticated API entirely. We have not set a date yet, but it will be no earlier than May 31st, 2016. If you have an application that is using the Doorkeeper API and are unable to migrate it to the authenticated API by then, please let us know.

Future API endpoints

Is there an application you have been hankering to build that integrates with Doorkeeper, but haven't had access to the right API? Please get in touch with us and let us know what you want to build. Your ideas will help us shape the future of Doorkeeper's API.