/LESSON 2
About
Duda API
To get started with the fundamentals of the Duda API, refer to the introductory course available at: Using Duda’s API – Duda University
API Architecture and Security Overview
REST-Based Structure
Duda’s Partner API is built using REST, a common structure for APIs that uses standard HTTP methods like `GET`, `POST`, and `DELETE` to work with data. This makes the API predictable and easy to integrate with most modern tools.
Secure Connections Only
All API requests must be made over a secure connection using HTTPS. Duda supports only TLS version 1.2 and above, which ensures that the data sent between your system and Duda is encrypted and secure.
Protocol Enforcement (No HTTP Allowed)
Duda does not support standard (non-secure) HTTP connections. All traffic must go through HTTPS to be accepted.
Authentication Method
To access the API, you’ll use Basic Authentication. This involves combining your username and password (provided by Duda) into a single string, encoding it in base64, and including it in your request headers.
Attention
Resetting your password may impact any existing integrations that rely on your current credentials. If it's your first time using the API, you'll have the option to reset the password. Please proceed with caution.
Authentication and security
Duda APIs use HTTP Basic Authentication to validate requests and authorize access to resources.
When API access is provisioned, you’ll receive a unique username and password tied to your account. To authenticate:
- Concatenate the username and password using a colon: `username:password`
- Base64 encode the resulting string.
- Include the encoded value in the `Authorization` header of your request, prefixed with the word `Basic`.
Example header:
Authorization: Basic <base64-token> | https://api.duda.co/api
Rate limits
To ensure stability and consistent performance across the platform, Duda enforces both global and endpoint-specific API rate limits.
Global Rate Limit
- All API endpoints are subject to a hard limit of 10 requests per second.
- For sustained usage or batch operations, Duda recommends a safe pacing of 1 request every 125 milliseconds (8 requests per second) to avoid triggering rate limits.
Endpoint-Specific Rate Limits
Some high-impact endpoints have stricter, dedicated limits:
| Endpoint | Limit |
|---|---|
| Publish | 20 calls per minute |
| Unpublish | 20 calls per minute |
| Create site | 60 calls per minute |
| Create account | 60 calls per minute |
| Refresh collection data by external ID | 1 call every 15 minutes |
| Get contact form submissions | 800 calls per minute |
| Analytics | 60 calls per minute |
| Form submissions | 300 calls per minute |
| Batch membership invitations | 10 calls per minute |
Exceeding these limits will result in HTTP `429 Too Many Requests` responses. If this occurs, implement retry logic with exponential backoff to manage request frequency.
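The authentication steps and the rate-limit guidance above, combined in one client sketch. This is an added example, not Duda's code: the `PacedClient` class, the injected `send` transport, the retry count, and the 0.5 s starting backoff are assumptions made for illustration.

```python
import base64
import time

MIN_INTERVAL = 0.125  # the page's safe pacing: 1 request every 125 ms


def basic_auth_header(username, password):
    """Build the Authorization value: 'Basic ' + base64(username:password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


class PacedClient:
    """Paces calls and retries HTTP 429 with exponential backoff.

    `send` is a hypothetical transport callable (url, headers) -> status code,
    injected so the example runs offline; in practice it would wrap an HTTPS
    request. Load the credentials from a secret store, not from source code.
    """

    def __init__(self, send, username, password, sleep=time.sleep,
                 clock=time.monotonic, max_retries=5, base_delay=0.5):
        self.send = send
        self.headers = {"Authorization": basic_auth_header(username, password)}
        self.sleep, self.clock = sleep, clock
        self.max_retries, self.base_delay = max_retries, base_delay
        self.last_sent = None

    def request(self, url):
        if not url.startswith("https://"):
            raise ValueError("plain HTTP is not accepted; use https://")
        for attempt in range(self.max_retries + 1):
            self._pace()
            status = self.send(url, self.headers)
            if status != 429:
                return status
            if attempt < self.max_retries:
                self.sleep(self.base_delay * 2 ** attempt)  # 0.5 s, 1 s, 2 s, ...
        return status  # still 429 after all retries; caller decides what next

    def _pace(self):
        # Keep at least MIN_INTERVAL between consecutive sends.
        now = self.clock()
        if self.last_sent is not None:
            wait = MIN_INTERVAL - (now - self.last_sent)
            if wait > 0:
                self.sleep(wait)
        self.last_sent = self.clock()
```

Basic Authentication only encodes the credentials, it does not encrypt them, which is why the HTTPS-only check sits in front of every send.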
API
For more details on using Duda API, refer to the Getting Started Guide.