Stack Exchange · Rate Limits

Stackexchange Rate Limits

The Stack Exchange API v2.3 enforces a daily quota and a dynamic per-method backoff. Without an app key, callers get 300 requests per day per IP. With a registered app key (free, from stackapps.com) the daily quota is raised to 10,000 requests per IP. Every response advertises `quota_max`, `quota_remaining`, and an optional `backoff` field — when `backoff` is non-zero the client MUST wait that many seconds before re-querying the same method or risk a hard throttle (HTTP 503) and possible IP ban. The Stack Overflow MCP beta server applies an additional 100-call per-user daily cap. Stack Overflow for Teams (v3 API) applies its own per-instance limits set by the customer plan.

Stackexchange Rate Limits is the machine-readable rate-limit profile for Stack Exchange on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 6 rate-limit definitions, measuring requests_per_day, backoff_seconds, concurrent_requests, and varies.

The profile also includes 7 backoff/retry policies defined and response codes documented for throttled, quotaExceeded, and banned.

Tagged areas include Rate Limiting, Quota, Throttling, Q And A, and Read-Mostly.

6 Limits Throttle: 503 Quota: 400
Rate LimitingQuotaThrottlingQ And ARead-Mostly

Limits

Daily quota — anonymous (no key) IP
requests_per_day · day
300
Hard daily quota per IP without an app key. Returned in every response as `quota_max=300`. Counter resets at the start of the UTC day.
Daily quota — registered app key IP+key
requests_per_day · day
10000
Daily quota when calls include the `key` query parameter from a registered app. Free to obtain at https://stackapps.com/apps/oauth/register.
Dynamic per-method backoff method
backoff_seconds
varies (advertised in response.backoff)
When the API identifies a consumer as expensive on a particular method it sets `backoff` in the response body (integer seconds). Clients MUST wait that many seconds before re-calling the same method on the same site or they will receive HTTP 503 and progressive throttling.
Concurrency cap IP
concurrent_requests
30
Stack Exchange historically caps simultaneous in-flight requests per IP at roughly 30. Exceeding this returns 503 with a violation flag.
Stack Overflow MCP beta — per-user user
requests_per_day · day
100
Beta-period limit for the official Stack Overflow MCP server. Documented at https://github.com/StackExchange/Stack-MCP.
Stack Overflow for Teams v3 — per-instance team
varies
see team plan
Per-instance limits for the Teams v3 API depend on the customer plan (Basic / Business / Enterprise). Consult your Teams admin or stackoverflow.co/teams/pricing/.

Policies

Always honor backoff
Every response includes an optional `backoff` integer. If non-zero, the client MUST wait that many seconds before re-calling the same method on the same site. Ignoring backoff escalates to HTTP 503 and then to a hard IP ban.
Use a registered app key
Register a free app on stackapps.com and pass `key=...` on every call. This identifies the app, raises the daily quota from 300 to 10,000 per IP, and is required for OAuth-authenticated write methods.
Use response filters to shrink payloads
Create a custom filter via /filters/create that includes only the fields you need. Smaller payloads materially reduce CPU on the service side and shorten observed backoff windows.
Batch by id
Most methods take up to 100 semicolon-delimited ids in a single call. A vectorized /questions/{ids} call costs one quota unit; 100 separate calls cost 100. Always batch.
Site-scope every call
Every per-site method requires the `site` query parameter. Omitting it returns a 400; using the wrong api_site_parameter wastes quota.
Respect HTTP 503 as throttling
The service returns 503 (not 429) for throttling. Clients must treat 503 with an `error_id: 502 throttle_violation` body as a backoff signal and exponentially delay.
OAuth token scoping
Read methods do not require auth. Write methods require an OAuth 2.0 access token with `write_access`; /me/inbox and /me/notifications additionally require `private_info` (and `read_inbox` for inbox). Issue `no_expiry` tokens for daemon use-cases.

Sources