Public API – Authentication, Rate Limits & Error Responses
QHUB uses API Key and API Secret for authentication.
QHUB Public API – Authentication, Rate Limits & Error Responses
Authentication
QHUB uses API Key and API Secret for authentication.
You can generate a QHUB API key in the API keys section of your QHUB Dev Centre in the Admin Panel: https://app.q-hub.co.uk/admin/dev-centre/api-keys
Every request to the QHUB API must include both headers:
401 Unauthorised (Authentication Errors)
If the API key or secret is:
Missing
Malformed
Invalid
…the API will respond with:
HTTP status:
401 Unauthorized
No rate-limit headers are guaranteed on failed authentication responses.
Rate and Usage Limits
Rate limits are applied per API key in a fixed time window.
Rate limit:
25requests per60minutes per API keyDepending on your agreed support plan, you may also have separate usage limits (e.g. total requests per day/month)
If you exceed either the rate limit or your plan’s usage limit, the API will respond with:
HTTP status:
429 Too Many Requests
Rate Limit Headers
Each successful API response includes the following headers to help you track your usage:
Header | Description |
|---|---|
| Maximum number of requests allowed in the current window (per minute or defined unit). |
| Number of requests remaining in the current window. |
| Time at which the current rate limit window resets, in UTC epoch seconds. |
Example:
503 Service Unavailable (Traffic Spike / Outage)
A 503 from our servers indicates an unexpected spike in API access traffic or a temporary service issue.
HTTP status:
503 Service UnavailableTypical recovery: the service is usually operational again within ~5 minutes
If the outage persists or you are receiving other
5XXerrors, please contact support:
https://q-hub.co.uk/support
Recommended client behaviour:
Implement retry with exponential backoff for
503responsesAvoid tight retry loops to prevent worsening a spike
Ready to try it? Security Settings