All endpoints are public and require no authentication. API keys are optional and only increase your rate limits.
Unlike many APIs, RuneStats follows the WiseOldMan model where all endpoints are completely open. You can start making requests immediately without signing up or obtaining an API key.
Rate limits are applied per IP address (anonymous) or per API key (authenticated). Using an API key gives you 10x the rate limit.
| Tier | Rate Limit | How to Get |
|---|---|---|
| Anonymous | 10 requests/min | Anyone (IP-based) |
| With API Key | 100 requests/min | Premium + API subscribers |
To use your API key, include it in the X-API-Key header:
curl -H "X-API-Key: rs_live_your_key_here" \
https://runestats.info/api/v1/players/Zezimaconst response = await fetch('https://runestats.info/api/v1/players/Zezima', {
headers: {
'X-API-Key': 'rs_live_your_key_here'
}
});
const data = await response.json();import requests
response = requests.get(
'https://runestats.info/api/v1/players/Zezima',
headers={'X-API-Key': 'rs_live_your_key_here'}
)
data = response.json()Every response includes headers to help you track your rate limit status:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per minute |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the rate limit resets |
When you exceed the rate limit, you'll receive a 429 response:
{
"success": false,
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded. Try again in 45 seconds.",
"retryAfter": 45
}
}API keys are available to Premium + API subscribers. This add-on provides increased rate limits and programmatic access to all public endpoints.
Never share your API key publicly or commit it to version control. If compromised, revoke it immediately in Settings.
API keys follow this format:
rs_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxKeys are 40 characters total: 8 character prefix + 32 random characters