// docs / quotas & limits
Quota fi daangaa
Gatiin quota fi rate-limit armaan gadii hundi yeroo build module entitlements irraa fudhatama; kanaaf fuulli kun waan server dhugumaan hojiirra oolchu irraa gonkumaa hin maqu.
Mirgoota sadarkaa-sadarkaa
| Bilisa | Hobii | Pro | Unlimited | |
|---|---|---|---|---|
| Scans / ji'a | 3 | 50 | 200 | Karoora Unlimited¹ |
| Projects (domeenota mirkanaa'an) | 1 | 1 | 5 | 20 |
| API tokens | 0 | 1 | 5 | 20 |
| Webhook endpoints | 0 | 1 | 5 | 20 |
| Active probes | lakki | eeyyee | eeyyee | eeyyee |
| GitHub repo scans | lakki | lakki | eeyyee | eeyyee |
| Irra-deebii scans saganteeffame | lakki | lakki | cadence ≥3h | ≥6h cadence |
| Hordoffii live threat | lakki | lakki | lakki | eeyyee |
| Sharable reports | lakki | lakki | eeyyee | eeyyee |
| Retention | guyyoota 7 | guyyoota 30 | guyyoota 90 | guyyoota 365 |
| Teessoo garee | 1 | 1 | 1 | 5 |
| Deeggarsa | idilee | idilee | dursa qabu | of-danda'e |
¹ The Unlimited plan's scan quota is subject to fair use — see Terms. ² The project cap defaults to 20 active-monitoring domains at ≥6h cadence. Contact support@fixvibe.app to raise it in exchange for a longer scheduled cadence.
Daangaa saffisa API
Request /api/v1/* fi /api/mcp hundi hash bearer token irratti hidhata, windows lama keessa darba:
- Burst: sekondii tokko keessatti requests 10.
- Steady: daqiiqaa tokko keessatti requests 60.
- Per signed-in user: 30 scan submissions per 10 minutes — a soft cap above the per-plan monthly quota that absorbs bursts without exhausting the daily budget.
429 irratti, deebiin kana of keessaa qaba:
HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200
{
"error": "rate_limited",
"message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
"retry_after_seconds": 47
}Window kufe message keessatti maqaan isaa ni ibsama (burst (10/s) vs steady (60/min)) akka client backoff madaqsuu danda'uuf.
Daangaa saffisaa skaanii karoora Free (IP/24 tokkoof)
On top of the per-org 3-scans-per-month cap, Free plan users face an additional per-IP/24 rate limit: 3 scans per rolling 24 hours per IP /24 block. The same limiter covers anonymous instant scans, which prevents farming Free quota through throwaway accounts on one IP. Requests exceeding the limit return HTTP 429 Too Many Requests with a Retry-After header.
Throttle galmee (per IP/24)
Karoora Free keessatti uumama akkaawuntii ofumaa dhorkuuf IP/24 tokkoof sa'aatii 24 keessatti galmee milkaa'e 5. Callbacks daangeessamoo gara /sign-in?error=rate_limitedtti deebi'u.
Retention
Scans + findings akka gabatee oliitti ofumaan haqamu. Anonymous one-shot scans uumamanii 24h booda dhumu. Audit logs ji'oota 18 tura. Monitor snapshots guyyoota 7 dhumaa + baseline haaraa per (domain, signal) qofaatti pruning ta'u. Alerts dismissed guyyoota 90 booda haqamu. Retention hundi guyyaa guyyaan /api/cron/retention-cleanup tiin hojiirra oola.