# Making an API Request

## Base URL

The PixieBrix API base URL is <https://app.pixiebrix.com/api/>.

## Authentication

To authenticate with the REST API, provide an `Authorization` header with the token for the user, where “YOURTOKEN” is the token for your [service-accounts](https://docs.pixiebrix.com/developer-api/service-accounts "mention"):&#x20;

```
Authorization: Token YOURTOKEN
```

## Version

The PixieBrix API is versioned using the `Accept` header. We follow [Semver](https://semver.org/) and will increment the major version on any backward incompatible changes.

The latest version of the API is version=2.0:

```
Accept: "application/json; version=2.0"
```

## Content-Type

The PixieBrix API accepts and responds with JSON. However, certain endpoints can also return other formats (notably, CSV). Refer to the OpenAPI specification for which content types a given endpoint supports

To control the response format, vary the mime type in the `Accept` header:

```
Accept: "application/json; version=2.0"
Accept: "text/csv; version=2.0"
```

## Pagination

Pagination is supported for API version >= 2.0, see [#version](#version "mention").

Pagination information is included in responses via the Link header. See <https://datatracker.ietf.org/doc/html/rfc8288> for more detailed information.

Most languages have library support for working with Link headers:

* [The Python requests package](https://docs.python-requests.org/en/master/_modules/requests/utils/)
* [The npm parse-link-header package](https://www.npmjs.com/package/parse-link-header)

The response also includes a `X-Total-Count` header which exposes the total number of records across all pages.

You can request a specific page using the `page` query param. For example:

```
/api/database/:databaseId/records?page=2
```

You can control the page size using the `page_size` query parameter. For example:

```
/api/database/:databaseId/records?page_size=150
```

## Throttling

The API endpoints are throttled on a per-token basis to prevent abuse. If you make too many requests within a given minute, the server will respond with `429 Too many requests`.

## Cross-Origin Resource Sharing (CORS)

The Developer API is intended to be used with service accounts (see [service-accounts](https://docs.pixiebrix.com/developer-api/service-accounts "mention")). The Developer API does not currently support [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).&#x20;

To make a Developer API call from a custom web application, proxy requests through a backend or CORS Proxy.