Skip to main content
The Fiddler REST API is organized around REST: it has predictable, resource-oriented URLs, accepts and returns JSON-encoded payloads, and uses standard HTTP response codes, authentication, and verbs. Use it to ingest events, manage models, configure alerts, run explainability queries, and more.
All endpoints require Bearer token authentication. See Authentication for details on obtaining a token.

Alert Rules

/alert-rules endpoints

Applications

/applications endpoints

Attributes

/attributes endpoints

Baselines

/baseline endpoints

Custom Metrics

/custom-metrics endpoints

Environments

/environment endpoints

Evals

/evals endpoints

Evaluation

/evaluation endpoints

Evaluator Rules

/evaluator-rules endpoints

Evaluators

/evaluators endpoints

Events

/events endpoints

Experiments

/experiments endpoints

File Upload

/file-upload endpoints

FQL Expressions

/fql-expressions endpoints

GenAI Alert Rules

/genai-alert-rules endpoints

Jobs

/jobs endpoints

LLM Gateway

/llm-gateway endpoints

Models

/model endpoints

Projects

/projects endpoints

Queries

/queries endpoints

Segments

/segments endpoints

Server Info

/server-info endpoints

Sessions

/sessions endpoints

Spans

/spans endpoints

Traces

/traces endpoints

User Access Keys

/user-access-keys endpoints

Users

/users endpoints

API Response types

Every Fiddler API response is wrapped in an envelope whose kind field identifies the response type: NORMAL, PAGINATED, or ERROR.

Normal response

Returned by operations that respond with a single resource or result. The payload is carried in data. 
{
  "api_version": "3.0",
  "kind": "NORMAL",
  "data": {}
}

Paginated response

Returned by list operations. The data object carries the current page in items, alongside pagination metadata. 
{
  "api_version": "3.0",
  "kind": "PAGINATED",
  "data": {
    "page_size": 10,
    "item_count": 10,
    "total": 100,
    "page_count": 10,
    "page_index": 1,
    "offset": 0,
    "items": []
  }
}

Error response

Returned when a request fails. The error object carries an HTTP-aligned code, a human-readable message, and an errors array with per-issue detail. 
{
  "api_version": "3.0",
  "kind": "ERROR",
  "error": {
    "code": 404,
    "message": "The requested resource was not found.",
    "errors": [
      {
        "reason": "ResourceNotFound",
        "message": "Model 'abc123' was not found in this project.",
        "help": ""
      }
    ]
  }
}

Rate Limiting

Rate limits apply to the endpoint categories listed below. When a limit is exceeded, the API returns 429 Too Many Requests. These are default limits and are deployment-overridable — your Fiddler administrator can tune them per environment, and rate limiting can be enabled or disabled per deployment.

Default limits

Endpoint categoryLimit
Metadata readGET (list/read) on projects, applications, evaluators, evaluator rules, and related metadata resources30 req/s, 1,000 req/min
Metadata writePOST/PATCH/DELETE on the same resources10 req/s, 300 req/min
Spans query — POST /v3/spans/query10 req/s, 120 req/min
ML event deletion — DELETE /v3/events30 req/day
GenAI bulk delete — DELETE /v3/traces, DELETE /v3/sessions5 req/s, 100 req/day

Response headers

Responses from rate-limited endpoints include the following headers:
HeaderDescription
X-RateLimit-LimitThe active rate-limit policy for the endpoint (for example, 30 per 1 second).
X-RateLimit-RemainingRequests remaining in the current window.
X-RateLimit-ResetUnix timestamp (in seconds) at which the current window resets.
Retry-AfterSeconds to wait before retrying. Sent only on a 429 response.

Per-token limits

Limits are enforced per access token. Each endpoint keeps its own independent counter, so exhausting the limit on one endpoint does not consume the budget of any other.

Handling 429 responses

When a request returns 429 Too Many Requests, wait at least the number of seconds indicated by the Retry-After header, then retry using exponential backoff with jitter. Each operation that enforces a limit also documents its 429 Too Many Requests response on its API reference page (see the resource groups above).