API Rate Limits - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)API Rate LimitsAPI & MCPAPI Rate Limits =============== Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses. Rate Limit Policy ----------------- All APVISO API endpoints are rate-limited to **120 requests per minute** per API key. This applies to both the frontend-facing and programmatic APIs. Rate Limit Headers ------------------ Every API response includes headers that help you track your usage: - `X-RateLimit-Limit: 120` — the maximum requests allowed per window. - `X-RateLimit-Remaining: 87` — requests remaining in the current window. - `X-RateLimit-Reset: 1712764800` — Unix timestamp when the window resets. Use these headers to implement proactive rate limiting in your client code. Handling 429 Responses ---------------------- When you exceed the rate limit, the API returns: ```json { "error": "rate_limit_exceeded", "message": "Too many requests. Please retry after the reset time.", "retryAfter": 45 } ``` The response includes: - HTTP status code `429 Too Many Requests`. - A `Retry-After` header with the number of seconds to wait. - The same value in the response body's `retryAfter` field. Recommended Retry Strategy -------------------------- Implement exponential backoff with jitter: ```typescript async function apiCallWithRetry(url: string, options: RequestInit, maxRetries = 3) { for (let attempt = 0; attempt setTimeout(r, retryAfter * 1000 + jitter)); } throw new Error("Max retries exceeded"); } ``` Tips for Staying Within Limits ------------------------------ - **Batch where possible** — use list endpoints with filters instead of making individual requests for each resource. - **Cache responses** — targets, plans, and other slowly-changing data do not need to be fetched on every request. - **Use the real-time stream** — subscribe to the event stream for pentest updates instead of polling the pentest status endpoint. - **Spread requests** — if you need to make many calls, spread them evenly across the minute window rather than bursting. Enterprise Rate Limits ---------------------- Enterprise customers can request custom rate limits. Contact your account manager to discuss higher limits for your use case. Monitoring ---------- You can view your API usage statistics in **Settings → API Keys**. Each key shows request counts over the last 24 hours, 7 days, and 30 days. ### Related Articles [Generating API Keys How to create and manage API keys for programmatic access to the APVISO API.](/docs/generating-api-keys)[MCP Server Setup Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.](/docs/mcp-server-setup)[Webhook Integration Set up custom webhooks to receive APVISO events at any HTTPS endpoint with signed payloads and automatic retries.](/docs/webhook-integration) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.