Accessing
The Bevy Public API is accessible on /api
.
For example: if your Bevy site is at https://events.bevy.com, then the API is accessible below https://events.bevy.com/api. That is your Base URL.
Versioning
The Bevy API is a versioned API. To specify the API version, set the version via the Accept header.
Example:
GET /api/search/chapters HTTP 1.1 Host: bevy.example.com Accept: application/json; version=1.0
This is optional. If you do not specify a version in the Accept header, then the current version will be used by default.
Authentication
All API endpoints accept authentication. Some require it. For the endpoints that require credentials, you must use a Bevy API Key.
Obtaining an API key
Admin user has an API key. Check this article to see how to manage your key.
Don’t give away your API key. It’s personal and is yours, like your account password. You can reset it by clicking the button below. Careful, resetting the key will cause any requests made with the old key to fail.
Using the API key
To use the API key on an API request, you should specify an Authorization header.
The string must include the word "Token" followed by a space and the actual token.
Example:
Authorization: Token 99d4b091990fN314f9418ad846dd0e4bXpfc6ee4b
See the reference of individual API endpoints to learn which ones require authentication.
Responses
The outcome of API requests are communicated by both an HTTP status code and (where applicable) a detail string. The API detail string (or result body) is always a JSON-formatted string representing structured data, e.g., representing a single data record or a list of data records.
The following table shows the different types of response that can be expected.
Status | Detail | Notes |
200 | {...} | OK |
201 | {...} | Resource created |
204 | Resource deleted / gone | |
400 | {"field_name": "Error message"} | Invalid Request |
403 | {"detail": "Permission Denied"} | Permission Denied |
500 | Server error |
Rate Limits
- Authorized users: 10,000 requests per day per user (requests with an authentication token). The limit is shared for all inbound IPs.
- When the request is not authorized, in other words coming from Anonymous users, the limit is 5,000 requests per day per IP when the request is not authorized.
- The search endpoints (/api/search/**) has a special rate limit of 50 requests per minute, per user or per IP (for anonymous users)