About the REST API


The Prepr REST API is a Content Delivery API.

All responses are cached by our API CDN, caches will be cleared if anything changes in your Prepr environment.

Contact [email protected] to get help implementing your application, or join our development 👨‍💻 #slack


GET: https://cdn.prepr.io


To access the Prepr API you first need to authenticate your app with an OAuth bearer token.

A token provides scoped access to a single environment, you need to obtain another token for every new environment you want to access. Organizations with a Enterprise plan can create access tokens on the organization level.

We recommend using different access tokens for different applications or front end applications, for example, one for an iOS app and another for Android app. This allows you to revoke them individually in the future and manage access independently.

Getting started

Sign in to your Prepr account Go to https://signin.prepr.io and sign in with your Prepr account credentials. Then navigate to the Environment you want to use.

Create an Access token
Go to Settings -> Access tokens and click Add access token.

Enter a name and select scopes to give the new token API access. In most cases just adding publications is sufficient.

Click save and copy the generated access token, you need this later.

To authenticate include a Authorization HTTP header containing the access token in your request.

curl -v https://cdn.prepr.io/{{endpoint}} -H 'Authorization: Bearer sdfg...'

If you fail to include a valid access token, the endpoint will return a status code 401.

Rate limits

There are no rate limits enforced on requests that hit our CDN cache, i.e. the request doesn't count towards your rate limit and you can make an unlimited amount of cache hits.

API Rate limits specify the number of requests an app can make to Prepr APIs in a specific time frame. Every request counts against a per minute and a per hour rate limit.

By default the Prepr API enforces rate limits of 50 requests per second, 3.000 per minute, and 20.000 requests per hour. Higher rate limits may apply depending on your current plan.

When a app gets rate limited, the API responds with the 429 Too Many Requests HTTP status code. Use the HTTP headers in order to understand where the application is at for a given rate limit, on the method that was just utilized.

header attributedescription
X-Prepr-RateLimit-Limitthe rate limit ceiling for a one minute window
X-Prepr-RateLimit-Remainingthe number of requests left for a one minute window
X-Prepr-Retry-Afterthe remaining seconds before the rate limit resets
X-Prepr-RateLimit-Resetthe remaining window before the rate limit resets, in UTC epoch seconds