diff --git a/src/apps.js b/src/apps.js
index 6c10eb4c2..af099b9b2 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -79,6 +79,7 @@ exports = module.exports = {
     getDataDir,
     getIcon,
     getMemoryLimit,
+    getLimits,
 
     listEventlog,
 
@@ -160,6 +161,7 @@ const appstore = require('./appstore.js'),
     spawn = require('child_process').spawn,
     split = require('split'),
     superagent = require('superagent'),
+    system = require('./system.js'),
     tasks = require('./tasks.js'),
     TransformStream = require('stream').Transform,
     users = require('./users.js'),
@@ -468,6 +470,14 @@ async function getIcon(app, options) {
     return null;
 }
 
+async function getLimits(app) {
+    assert.strictEqual(typeof app, 'object');
+
+    return {
+        memory: await system.getMemory()
+    };
+}
+
 function getMemoryLimit(app) {
     assert.strictEqual(typeof app, 'object');
 
diff --git a/src/routes/apps.js b/src/routes/apps.js
index 7ece1d3a9..8a4dd7356 100644
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -48,6 +48,8 @@ exports = module.exports = {
     uploadFile,
     downloadFile,
 
+    getLimits,
+
     load
 };
 
@@ -837,3 +839,12 @@ async function getTask(req, res, next) {
 
     next(new HttpSuccess(200, result));
 }
+
+async function getLimits(req, res, next) {
+    assert.strictEqual(typeof req.app, 'object');
+
+    const [error, limits] = await safe(apps.getLimits(req.app));
+    if (error) return next(BoxError.toHttpError(error));
+
+    next(new HttpSuccess(200, { limits }));
+}
diff --git a/src/server.js b/src/server.js
index d0c878e07..030f2d759 100644
--- a/src/server.js
+++ b/src/server.js
@@ -234,6 +234,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/apps/:id/logstream',                          token, routes.apps.load, authorizeOperator, routes.apps.getLogStream);
     router.get ('/api/v1/apps/:id/logs',                               token, routes.apps.load, authorizeOperator, routes.apps.getLogs);
     router.get ('/api/v1/apps/:id/eventlog',                           token, routes.apps.load, authorizeOperator, routes.apps.listEventlog);
+    router.get ('/api/v1/apps/:id/limits',                             token, routes.apps.load, authorizeOperator, routes.apps.getLimits);
     router.get ('/api/v1/apps/:id/task',                               token, routes.apps.load, authorizeOperator, routes.apps.getTask);
     router.get ('/api/v1/apps/:id/graphs',                             token, routes.apps.load, authorizeOperator, routes.graphs.getGraphs); // TODO: restrict to app graphs
     router.post('/api/v1/apps/:id/clone',                        json, token, routes.apps.load, authorizeAdmin, routes.apps.clone);