Skip to main content


An operator is an entity that operates satellites in orbit.

An operator is identified by a UUID4 as well as a unique human-readable name.

An operator is given a maximum number of objects that they are allowed to create in the system; this is to guard against client misconfigurations. Contact SpaceX if you need to manage more objects than your account currently allows.

Rate Limiting

A primary goal of the screening system is to provide low-latency screening that encourages operators to submit trajectories as frequently as is operationally conventient.

However, reasonable rate limits are needed to protect the system against misconfigured clients. A rate limit is associated with your account, and limits the number of trajectory uploads that can be submitted in an hour. We use leaky bucket rate limiting, and return HTTP 503 reponses to operators that exceed this limit.

Our goal is that our rate limits provide no practical impediment to operators using the screening system. Please contact SpaceX if rate limiting is hampering your operations.

Authentication and Access Controls

Every operator is associated with one or more keys (certificates), and each key is associated with an array of permissions, which allow the operator to take actions in the system:

Permission nameDescription
trajectory:uploadAllows operators to upload trajectories for their objects via the POST /api/v1/trajectory endpoint
trajectory:hypotheticalA subset of the trajectory:upload permission allowing operators to only submit hypothetical trajectories to the system.
object:manageAllows operators to use the POST /api/v1/object or PUT /api/v1/object endpoints to create/modify objects associated with their account.
event:claimAllows operators to use the POST /api/v1/event/{id}/claim endpoint to claim maneuver responsibility for conjunction events

An operator can be provisioned multiple keys with different sets of permissions (i.e., one key with the trajectory:upload permissions, as well as a "read-only" key) to manage access controls within their organization.

You may receive a HTTP 401 (Unauthorized) response if the certificate provided does not have the required permissions to execute a request.