// docs / quotas & limits
Quoten & Limiten
All Quota- a Rate-Limit-Wäert hei ënnen gëtt beim Build aus dem Entitlements-Modul ofgeleet, dofir kann dës Säit ni vun deem ofwäichen, wat de Server wierklech duerchsetzt.
Entitlements pro Tarif
| Gratis | Hobby | Pro | Unbegrenzt | |
|---|---|---|---|---|
| Scannen / Mount | 3 | 50 | 200 | Unlimited Plang¹ |
| Projeten (verifizéiert Domänen) | 1 | 1 | 5 | 20 |
| API-Tokenen | 0 | 1 | 5 | 20 |
| Webhook endpoints | 0 | 1 | 5 | 20 |
| Aktiv Tester | nee | jo | jo | jo |
| GitHub-Repo-Scannen | nee | nee | jo | jo |
| Geplangte Nei-Scannen | nee | nee | ≥3h Kadenz | ≥6h cadence |
| Live-Bedroungserkennung | nee | nee | nee | jo |
| Sharable reports | nee | nee | jo | jo |
| Opbewahrung | 7 Deeg | 30 Deeg | 90 Deeg | 365 Deeg |
| Team-Sëtzer | 1 | 1 | 1 | 5 |
| Ënnerstëtzung | normal | normal | prioritär | dedizéiert |
¹ The Unlimited plan's scan quota is subject to fair use — see Terms. ² The project cap defaults to 20 active-monitoring domains at ≥6h cadence. Contact support@fixvibe.app to raise it in exchange for a longer scheduled cadence.
API-Rate-Limiten
All /api/v1/*- an /api/mcp-Request gëtt op engem Hash vum Bearer-Token gekeyed a leeft duerch zwou Fënsteren:
- Burst: 10 Requests pro Sekonn.
- Steady: 60 Requests pro Minutt.
- Per signed-in user: 30 scan submissions per 10 minutes — a soft cap above the per-plan monthly quota that absorbs bursts without exhausting the daily budget.
Bei 429 enthält d'Response:
HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200
{
"error": "rate_limited",
"message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
"retry_after_seconds": 47
}D'Fënster déi ausgeléist huet gëtt an der Message genannt (burst (10/s) géint steady (60/min)), sou datt e Client-Backoff sech upasse kann.
Scan-Geschwindegkeetslimit vum Free Plang (pro IP/24)
On top of the per-org 3-scans-per-month cap, Free plan users face an additional per-IP/24 rate limit: 3 scans per rolling 24 hours per IP /24 block. The same limiter covers anonymous instant scans, which prevents farming Free quota through throwaway accounts on one IP. Requests exceeding the limit return HTTP 429 Too Many Requests with a Retry-After header.
Signup-Throttle (pro IP/24)
5 erfollegräich Aschreiwungen pro IP/24 all 24 Stonnen, fir d'automatesch Erstellung vu Free Plang Konten ze verhënneren. Limitéiert Callbacks weiderleeden op /sign-in?error=rate_limited.
Opbewahrung
Scannen + Findings ginn no der Tabell hei uewen automatesch geläscht. Anonym One-shot-Scanne lafen 24h no der Erstellung of. Audit Logs ginn 18 Méint gehalen. Monitor-Snapshots ginn op déi lescht 7 Deeg plus déi neist Baseline pro (domain, signal) gepruned. Dismissed Alerts ginn no 90 Deeg geläscht. All Retention gëtt all Dag duerch /api/cron/retention-cleanup duerchgesat.