
    Welcome to Rocket.Chat's REST API documentation. This guide explains how to interact with Rocket.Chat's REST API endpoints. The API lets you engage with your workspace, oversee rooms and users, manage apps, and extend Rocket.Chat's capabilities.

    Adhering to the principles of Representational State Transfer (REST), this API utilizes conventional HTTP methods such as GET, POST, PUT, and DELETE, enabling operations on a variety of resources.

    Security considerations for production environments

    Securing your connection to the production server is crucial when using the Rocket.Chat REST API.

    • Call the login API only over HTTPS so that user credentials stay confidential during authentication.

    • Implement a strict system that expires and renews authorization tokens regularly to prevent unauthorized access.

    • The importance of configuring user permissions precisely cannot be overstated. Assigning exact access rights to specific endpoints plays a critical role in averting unauthorized actions and potential data breaches.

    Rate limiting

    Rate limiting serves as a critical mechanism within the Rocket.Chat API, aiming to regulate the frequency of API requests effectively. It is enabled by default across all endpoints, contributing to server stability, preventing misuse, and facilitating equitable access among users.

    To enable the rate limiter in your workspace:

    • Navigate to Administration > Workspace > Settings > Rate Limiter > API Rate Limiter.

    • Adjust the following settings to fit your requirements:

      • Enable Rate Limiter

      • Enable Rate Limiter in development

      • Default number calls to the rate limiter: The number of default calls for each endpoint allowed within the defined time range.

      • Default time limit for the rate limiter (in ms): Default timeout to limit the number of calls at each endpoint (in milliseconds).

    • Click Save Changes.

    To disable the rate limiter for a user group, assign the api-bypass-rate-limit permission to that group's role.

    To modify or disable the rate limiter for an API endpoint in your code, use the .addRoute function and provide the desired configuration within the existing options object. Setting the rateLimiterOptions property to false disables the rate limiter for that specific endpoint. Alternatively, you can specify a valid configuration object in the format {numRequestsAllowed: 10, intervalTimeInMS: 60000} to adjust the number of allowed requests and the interval time for the rate limiter.

    When making requests to an API endpoint with a rate limiter, the response headers will include three additional properties:

    • x-ratelimit-limit: The number of calls allowed within a specific period.

    • x-ratelimit-remaining: The number of remaining requests that can be made within the current rate limit window.

    • x-ratelimit-reset: The time, in UTC epoch milliseconds, when the current rate limit window will reset.

    These properties provide information about the rate limit constraints and help you track the usage and availability of the API calls within the defined limits.
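
    A client can read these three headers to pace its own calls and to wait out an exhausted window. The following is an added example, not code from Rocket.Chat: the function names, the 5-minute cap, the 1-second fallback pause, and the assumption that a throttled call is answered with HTTP 429 are all assumptions made for illustration.

```javascript
// Added example: pace API calls using the rate-limit response headers.
// Function names, MAX_WAIT_MS and the sample values are constructed.
const MAX_WAIT_MS = 5 * 60 * 1000; // assumption: cap any single wait at 5 minutes
const HEADER_FIELDS = [
  ['limit', 'x-ratelimit-limit'],
  ['remaining', 'x-ratelimit-remaining'],
  ['resetAtMs', 'x-ratelimit-reset'], // UTC epoch milliseconds
];

// Read a header from a fetch Headers object or a plain object (any key casing).
function getHeader(headers, name) {
  if (headers && typeof headers.get === 'function') return headers.get(name);
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : headers[key];
}

// Returns {limit, remaining, resetAtMs}, or null when a header is missing
// or is not a plain non-negative integer (never trust it blindly).
function parseRateLimit(headers) {
  const parsed = {};
  for (const [field, name] of HEADER_FIELDS) {
    const raw = getHeader(headers, name);
    if (raw == null || !/^\d+$/.test(String(raw).trim())) return null;
    parsed[field] = Number(String(raw).trim());
  }
  return parsed;
}

// Milliseconds to wait before the next request, given the last response.
function delayBeforeNextCall(status, headers, nowMs = Date.now()) {
  const rl = parseRateLimit(headers);
  if (rl === null) return status === 429 ? 1000 : 0; // fallback pause is an assumption
  // A reset time in the past (clock skew) clamps to 0; a far-future one is capped.
  const untilReset = Math.min(Math.max(rl.resetAtMs - nowMs, 0), MAX_WAIT_MS);
  if (status === 429 || rl.remaining === 0) return untilReset;
  // Budget left: spread the remaining calls evenly over the rest of the window.
  return Math.floor(untilReset / (rl.remaining + 1));
}

// Constructed sample: 10 calls per 60 s window, 4 left, window ends 60 s after "now".
const SAMPLE_NOW_MS = 1700000000000;
const SAMPLE_HEADERS = {
  'X-RateLimit-Limit': '10',
  'x-ratelimit-remaining': '4',
  'x-ratelimit-reset': String(SAMPLE_NOW_MS + 60000),
};
console.log(delayBeforeNextCall(200, SAMPLE_HEADERS, SAMPLE_NOW_MS));
```

    Pass the status code and headers of each response to delayBeforeNextCall and sleep for the returned number of milliseconds before sending the next request.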

    Specific endpoints, such as /api/v1/users.updateOwnBasicInfo, may trigger the rate limiter and currently cannot be customized or disabled through the administration panel.

    Language-specific wrappers

    Rocket.Chat is not the maintainer of these wrappers. They are owned and supported by community members.

    As an end-user, you can submit a new feature request for new APIs in Rocket.Chat.
