Skip to main content

Overview

Epidemic Sound API

Get access to a carefully curated catalog of high quality music created by world-class artists, producers and bands.

For a quick start with the API, checkout our Getting Started guide.

API specifics

Both request and response bodies expect application/json as the Content-Type.

Versioning

This API is versioned with a path prefix. Any existing endpoint or resource field will remain unchanged within a given version. New endpoints or resource fields can be added without notice and within an already published version. If a given API version is deprecated, users will be notified well before it is taken out of service.

CORS restrictions

The API applies Cross-Origin Resource Sharing (CORS) restrictions in the production environment. If you are using the API in the context of a web app, you might need to whitelist your domain in the developer portal. You’ll be able to add domains for your app under “Authentication settings” and “Web Origins”.

Rate limiting

All requests are subject to a daily rate limit. The limit exists to prevent abuse and/or bad behaviour and not to limit legitimate usage. You will be notified by email when your app is approaching the allocated rate limit. Please contact us if you find that you need a higher rate limit.

Rate Limiting Headers

X-RateLimit-Reset - The time in GMT until the next reset of the rate limiter

X-RateLimit-Reached - Whether you have exceeded your limit

Retries, DDoS attacks, and friendly fire

To ensure the stability of the API, we use web application firewall solutions that protect against malicious attacks. In many cases, this allows us to mitigate attacks without affecting users. However, it is sometimes hard to distinguish between an attack and an unintentional request overload from well-intended clients, sometimes referred to as friendly fire.

You can decrease the risk that your client gets mistaken for a malicious actor by implementing delays for any request retries, for example, by using an exponential backoff. This helps to ensure that any failure in the communication between the clients and the API doesn't result in unnecessarily large problems.

DDoS mitigation responses

When the web application firewall denies requests in order to mitigate an ongoing DDoS attack, it may respond with 502 Bad Gateway and an empty response body. We do our best to ensure this does not affect requests from legitimate clients, but unfortunately, this can not always be avoided, and therefore we advise you to handle this case in your clients.