// docs / quotas & limits
Cuota ha límite
Every quota ha rate-limit value below ha'e derived gui pe entitlements module at build time, so this page ikatu never drift gui what pe server actually enforces.
Derecho plan rehegua
| Reípe | Jeguerekorã | Pro | Ilimitado | |
|---|---|---|---|---|
| Scan / jasy | 3 | 50 | 200 | Plan Unlimited¹ |
| Proyecto-kuéra (verified dominio-kuéra) | 1 | 1 | 5 | 20 |
| API tokens | 0 | 1 | 5 | 20 |
| Owner-depth scans | nahániri | heẽ | heẽ | heẽ |
| GitHub repo scan-kuéra | nahániri | nahániri | heẽ | heẽ |
| Scheduled re-scan-kuéra | nahániri | nahániri | ≥3h cadence | ≥1h cadence |
| Live threat detection | nahániri | nahániri | nahániri | heẽ |
| Ñeñongatu | 7 days | 30 days | 90 days | 365 days |
| Team seats | 1 | 1 | 1 | 5 |
| Pytyvõ | estándar | estándar | prioridad | dedicado |
¹ Plan Unlimited escaneo cuota oĩ pyhãra hekoresã guive — ehecha Tee. ² Mba'erechauka guive 20 dominio active monitoring-pe ≥1h cadenciape. Eñembyaty support@fixweb.app-pe emoñe'ẽmba haguã cadencia ojeprograma'ipyre puku rendaguépe.
API rate limits
Every /api/v1/* ha /api/mcp request ha'e keyed on a hash of pe bearer token ha runs through two windows:
- Burst: 10 requests per second.
- Steady: 60 requests per minute.
On 429, pe response includes:
HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200
{
"error": "rate_limited",
"message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
"retry_after_seconds": 47
}The window which tripped ha'e named in pe message (burst (10/s) vs steady (60/min)) so a client backoff ikatu adapt.
Plan Free escaneo pya'e jejoko (peteĩteĩ IP/24)
Aretégui peteĩteĩ tetãygua jasy 3 escaneo jejoko, plan Free puruhárakuéra ohuguaitĩ jejoko pya'e adicional peteĩteĩ IP/24 rendápe: 3 escaneo arapu peguarã, 100 araitépe. Kõ limiter aveí oĩ escaneo pya'e ojekuaa'ỹva, ombotapy plan Free cuota ñembyai cuenta peteĩjehe'íva rupive. Apuvõ ohasáva oimeraẽva jejoko omyengoviave HTTP 429 Too Many Requests Retry-After header reheve.
Signup throttle (per IP/24)
5 ñemboheraguapy oĩ porãva peteĩteĩ IP/24-pe 24 hóra ohasávape, omombyrýre haguã plan Free cuenta ojejapo automatikaichagua. Callbacks ojejoko ohasa /sign-in?error=rate_limited-pe.
Ñeñongatu
Scans + jejuhu-kuéra auto-purge per pe table above. Anonymous one-shot scan-kuéra expire 24h after creation. Audit logs retain guarã 18 months. Monitor snapshots prune pe last 7 days plus pe latest baseline per (dominio, signal). Dismissed alerta-kuéra purge after 90 days. All retention enforced daily by /api/cron/retention-cleanup.