Overview
Epidemic Sound API
Get access to a carefully curated catalog of high quality music created by world-class artists, producers and bands.
For a quick start with the API, checkout our Getting Started guide.
API specifics
Both request and response bodies expect application/json
as the Content-Type.
Versioning
This API is versioned with a path prefix. Any existing endpoint or resource field will remain unchanged within a given version. New endpoints or resource fields can be added without notice and within an already published version. If a given API version is deprecated, users will be notified well before it is taken out of service.
CORS restrictions
The API applies Cross-Origin Resource Sharing (CORS) restrictions in the production environment. If you are using the API in the context of a web app, you might need to whitelist your domain in the developer portal. You’ll be able to add domains for your app under “Authentication settings” and “Web Origins”.
Rate limiting
All requests are subject to a daily rate limit. The limit exists to prevent abuse and/or bad behaviour and not to limit legitimate usage. You will be notified by email when your app is approaching the allocated rate limit. Please contact us if you find that you need a higher rate limit.
Rate Limiting Headers
X-RateLimit-Reset - The time in GMT until the next reset of the rate limiter
X-RateLimit-Reached - Whether you have exceeded your limit
Retries, DDoS attacks, and friendly fire
To ensure the stability of the API, we use web application firewall solutions that protect against malicious attacks. In many cases, this allows us to mitigate attacks without affecting users. However, it is sometimes hard to distinguish between an attack and an unintentional request overload from well-intended clients, sometimes referred to as friendly fire.
You can decrease the risk that your client gets mistaken for a malicious actor by implementing delays for any request retries, for example, by using an exponential backoff. This helps to ensure that any failure in the communication between the clients and the API doesn't result in unnecessarily large problems.
DDoS mitigation responses
When the web application firewall denies requests in order to mitigate an ongoing DDoS attack, it may respond with 502 Bad Gateway
and an empty response body. We do our best to ensure this does not affect requests from legitimate clients, but unfortunately, this can not always be avoided, and therefore we advise you to handle this case in your clients.