Base URL

Getting a token

In order to identify and authenticate people who are using the API, all requests must include must include the Authorization header as shown:

Authorization: Bearer YOUR_TOKEN_HERE

This token can be obtained from your server dashboard.

Never share your token with anyone including Quark staff. Your token can allow bad people to do bad things to your server.


Ratelimits exist across the entirety of the Quark API in order to prevent abuse. Currently the limit is set to 500 requests every minute, across all the endpoints of the API.

Ratelimits are subject to change without notice. You should not hard-code this value into your code.

Ratelimiting is done per-token on all endpoints which require authentication. Some endpoints do not require authentication, so ratelimits are done by IP address in this case. Endpoints requiring authentication do not count towards the same ratelimit counter as endpoints that do not require authentication.

Handling ratelimits

With every request made, the Quark API exposes headers in the returned responses which provide information about the status of the ratelimits.

X-RateLimit-Limit: 500
X-RateLimit-Remaining: 333

X-RateLimit-Limit is the total number of requests which may be made in a 60 second period and X-RateLimit-Remaining is how many remaining requests may be made in the current 60 second period before a 429 response is returned.