Technical details for interacting with the API.


Sagittarius A*: API is an HTTP API.


All requests to the API, with the exception of Information Requests, will require a valid API Key to be provided in the x-api-key header for authentication. Each API Key is assigned a key type, where each key type has different permissions and limits applied to which endpoints may be accessed, what rate requests may be sent at, and how many requests may be sent per day. These permissions and limits are applied to all keys assigned the given type.


Each API Key is assigned a key type, where each key type is subject to different permissions and limits. Permissions to an endpoint are denied by default, meaning an API Key must belong to a type explicitly granted permission to access a given endpoint or set of endpoints in order to send requests. Failure to supply a valid API key in the x-api-key header for an endpoint requiring authentication, or attempting to access an endpoint a given key as insufficient permissions for will result in a rejection.


Keys are subject to both rate limits, the maximum number of requests allowed per minute, and a daily limit, the maximum number of requests allowed per 24-hour period. Information about the current rate and daily limits can be found under the response headers, being the X-RateLimit and X-DailyLimit headers. Both rate and daily limits return three headers, Limit, Remaining, and Reset.

  • Limit Header: The Limit Header (X-RateLimit-Limit and X-DailyLimit-Limit) returns the limits the provided key is subjected to. For example, if the Limit header for X-RateLimit returned 60, and for X-DailyLimit returned 10000, this key would be restricted to no more than 60 requests per minute, and no more than 10000 requests in any given 24-hour period.

  • Remaining Header: The Remaining Header (X-RateLimit-Remaining and X-DailyLimit-Remaining) returns the number of remaining requests allowed based on the limit communicated by the Limit Header. The returned requests remaining is the total number of requests allowed (the limit) subtracting the number of requests sent before the reset time. For example, with a Daily Limit of 10000, and 1000 of those requests used, the X-DailyLimit-Remaining header would return 9000.

  • Reset Header: The Reset Header (X-RateLimit-Reset and X-DailyLimit-Reset) returns the timestamp of when the Rate Limit or Daily Limit will reset. When this timestamp is reached, the request allowance is set back to the limit. If the limit had previously been met, new requests will be allowed after the reset time is reached.

If an API Key has exceeded its allowed Rate or Daily limit, the request will be rejected.

Cross-Origin Resource Sharing

The Cross-Origin Resource Sharing (CORS) policy is set up to allow applications from any origin to interact with the API by specifying a wildcard statement (*) in the Access-Control-Allow-Origin header. This policy also defines which request headers are permitted through the Access-Control-Allow-Headers header, including Origin, X-Requested-With, Content-Type, Accept, and x-api-key. For preflight requests using the OPTIONS method, the policy restricts allowed methods to GET, POST, and DELETE, with a successful preflight response indicated by a 200 status code.

Last updated