Introduction
Riot Endpoints
View the OpenAPI specification file
Authentication
Every API request must include an authentication key in the x-api-key
header.
- Obtaining a key: To acquire an API key, customers must contact the technical team.
Authorization
Each key is scoped to a single organization, ensuring that access and data are restricted to the appropriate entity.
Keys can also be limited by specific scopes, such as awareness:read
, simulation:read
, breach:read
, or workspace:read
which define the endpoints that can be accessed.
Pagination
All endpoints that return an array of objects support pagination through two request headers: x-item-limit
and x-next-cursor
.
Even for endpoints with a limited number of items (e.g., /courses
), pagination is available to maintain consistency across all endpoints.
x-item-limit
: Specifies the maximum number of items per page. The maximum allowed value is100
, with a default of50
.x-next-cursor
: Pagination cursor for retrieving the next page of results. On the first request, the client may omit this header or include onlyx-item-limit
. This value must be obtained from the ‘x-next-cursor’ response header of a previous API call. The cursor should be passed unchanged to fetch next pages. Here are some snippets to showcase the usage:
Rate limits
Rate limiting is enforced across all API endpoints and is scoped by the authentication key. This ensures fair usage and prevents abuse of the system.
- Scope: Rate limits are applied per key, meaning all requests made with the same key share the same limit.
- Configuration: Specific rate limits are defined and managed by the technical team.
- Behavior: The rate limiting mechanism operates within fixed time intervals. If the limit is exceeded within a given interval, further requests will return 429 status code until the next interval begins.