Kvotalar va limitlar

Tier bo‘yicha entitlements

¹ Unlimited rejasining skan kvotasi adolatli foydalanish ostida — Shartlarga qarang. ² Standart cheklov ≥1h tezlikda active monitoring-da 20 domen. Uzunroq rejalashtirilgan tezlik evaziga uni oshirish uchun support@fixweb.appga murojaat qiling.

API rate limits

Har /api/v1/* va /api/mcp request bearer token hash bo‘yicha keyed va ikki window orqali o‘tadi:

• Burst: soniyasiga 10 request.
• Steady: daqiqasiga 60 request.

429’da response quyidagilarni o‘z ichiga oladi:

HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200

{
  "error": "rate_limited",
  "message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
  "retry_after_seconds": 47
}

Qaysi window tripped bo‘lgani message’da ataladi (burst (10/s) vs steady (60/min)), shunda client backoff adapt qila oladi.

Free rejasi skan tezligi cheklovi (har IP/24 uchun)

Tashkilot uchun oylik 3 ta skan cheklovidan tashqari, Free rejasi foydalanuvchilari har IP/24 uchun qo'shimcha tezlik cheklovi bilan duch keladi: soatiga 3 ta skan, kuniga 100 ta. Xuddi shu limiter anonim shoshilinch skanlarni ham qoplaydi, bu bir martalik hisoblar orqali Free kvotasini sarflashning oldini oladi. Har qanday cheklovdan oshib ketadigan so'rovlar Retry-After header bilan HTTP 429 Too Many Requests qaytaradi.

Signup throttle (har IP/24)

Free rejasida avtomatik hisob yaratishni oldini olish uchun har IP/24 uchun 24 soatda 5 ta muvaffaqiyatli ro'yxatdan o'tish. Cheklangan callback-lar /sign-in?error=rate_limitedga yo'naltiriladi.

Retention

Scans + findings yuqoridagi table bo‘yicha auto-purge bo‘ladi. Anonymous one-shot scans creation’dan 24h keyin expire bo‘ladi. Audit logs 18 months saqlanadi. Monitor snapshots last 7 days + har (domain, signal) uchun latest baseline’gacha prune. Dismissed alerts 90 days keyin purge. Barcha retention daily /api/cron/retention-cleanup orqali enforced.