Rate Limits

API rate limits ensure fair usage and platform stability.

Rate Limits by Tier

Tier	Requests/Minute	Scans/Month	Projects
Starter	10	10	2
Pro	60	50	5
Business	300	200	20

Rate Limit Headers

Every API response includes rate limit information in the headers:

Header	Description
`X-RateLimit-Limit`	Maximum requests per window
`X-RateLimit-Remaining`	Remaining requests in current window
`X-RateLimit-Reset`	Unix timestamp when window resets
`X-RateLimit-Tier`	Your subscription tier

Rate Limit Exceeded

When you exceed the rate limit, the API returns a 429 status:

HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1705318800
Retry-After: 45

{
  "success": false,
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Limit: 60 requests per minute (pro tier)",
    "details": {
      "retryAfter": 45,
      "tier": "pro",
      "limit": 60
    }
  }
}

Best Practices

•Implement exponential backoff when receiving 429 errors
•Batch API requests where possible instead of individual calls
•Cache GET responses where appropriate
•Monitor the X-RateLimit-Remaining header proactively