Quotas and limits
Every quota and rate-limit value below is derived from the entitlements module at build time, so this page never drifts from what the server actually enforces.
Entitlements per tier
| | Free | Hobby | Pro | Unlimited |
|---|---|---|---|---|
| Scans / month | 3 | 50 | 200 | Unlimited plan¹ |
| Projects (verified domains) | 1 | 1 | 5 | 20 |
| API tokens | 0 | 1 | 5 | 20 |
| Webhook endpoints | 0 | 1 | 5 | 20 |
| Active probes | no | yes | yes | yes |
| GitHub repo scans | no | no | yes | yes |
| Scheduled re-scans | no | no | ≥3h cadence | ≥6h cadence |
| Live threat detection | no | no | no | yes |
| Sharable reports | no | no | yes | yes |
| Retention | 7 days | 30 days | 90 days | 365 days |
| Team seats | 1 | 1 | 1 | 5 |
| Support | standard | standard | priority | dedicated |
¹ The Unlimited plan's scan quota is subject to fair use; see Terms.
² The project cap defaults to 20 active-monitoring domains at ≥6h cadence. Contact support@fixvibe.app to raise it in exchange for a longer scheduled cadence.
API rate limits
Every /api/v1/* and /api/mcp request is keyed on a hash of the bearer token and passes through two windows:
- Burst: 10 requests per second.
- Steady: 60 requests per minute.
- Per signed-in user: 30 scan submissions per 10 minutes, a soft cap above the per-plan monthly quota that absorbs bursts without exhausting the daily budget.
On a 429, the response includes:
```
HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200

{
  "error": "rate_limited",
  "message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
  "retry_after_seconds": 47
}
```
The message names the window that tripped (burst (10/s) vs steady (60/min)) so that client backoff can adapt.
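The two token-keyed windows described above, sketched as an added example (not FixVibe's own code). The sliding-window log algorithm, the SHA-256 digest, and the names `TokenRateLimiter`, `key_for`, `check` and `demo` are assumptions made for illustration; only the 10/s and 60/min limits come from this page.

```python
import hashlib
import math
from collections import defaultdict, deque, namedtuple

# (name, window length in seconds, max requests): values stated on this page.
WINDOWS = (("burst", 1.0, 10), ("steady", 60.0, 60))
LONGEST = max(span for _, span, _ in WINDOWS)

Decision = namedtuple("Decision", "allowed window retry_after")


class TokenRateLimiter:
    """Sliding-window log limiter; the algorithm choice is an assumption."""

    def __init__(self):
        # token digest -> timestamps of accepted requests, oldest first
        self._hits = defaultdict(deque)

    @staticmethod
    def key_for(token):
        # Keep only a digest so limiter state never holds a usable credential.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def check(self, token, now):
        hits = self._hits[self.key_for(token)]
        # Drop timestamps that no window can still count.
        while hits and hits[0] <= now - LONGEST:
            hits.popleft()
        for name, span, limit in WINDOWS:
            recent = [t for t in hits if t > now - span]
            if len(recent) >= limit:
                # A slot frees when the oldest counted request ages out.
                wait = max(1, math.ceil(recent[0] + span - now))
                return Decision(False, name, wait)
        # Only accepted requests are recorded; rejected ones do not extend the wait.
        hits.append(now)
        return Decision(True, None, 0)


def demo():
    limiter = TokenRateLimiter()
    token = "fv_constructed_token"  # constructed sample, not a real token format
    # 60 requests spaced 0.5 s apart stay under burst but fill the steady window.
    for i in range(60):
        limiter.check(token, 2000.0 + i * 0.5)
    return limiter.check(token, 2030.0)


if __name__ == "__main__":
    print(demo())
```

The returned window name and wait are what a handler would map onto the `message`, `retry-after` and `retry_after_seconds` fields of the 429 shown above.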
Free plan scan rate limit (per IP/24)
On top of the per-org 3-scans-per-month cap, Free plan users face an additional per-IP/24 rate limit: 3 scans per rolling 24 hours per IP /24 block. The same limiter covers anonymous instant scans, which prevents farming Free quota through throwaway accounts on one IP. Requests exceeding the limit return HTTP 429 Too Many Requests with a Retry-After header.
Signup throttle (per IP/24)
5 successful sign-ups per IP/24 per 24 hours, to deter automated creation of Free plan accounts. Rate-limited callbacks are redirected to /sign-in?error=rate_limited.
Retention
Scans + findings are automatically purged according to the table above. Anonymous one-shot scans expire 24h after creation. Audit logs are retained for 18 months. Monitor snapshots are pruned to the last 7 days plus the latest baseline per (domain, signal). Dismissed alerts are purged after 90 days. All retention is enforced daily by /api/cron/retention-cleanup.
