Rate limits
Limits keep analysis fast and fair — each request does significant on-chain work. Limits are enforced per client IP.
Per-endpoint limits
| Endpoint | Limit |
|---|---|
POST /api/v1/quick-check | 100 / hour |
POST /api/v1/standard-report | 100 / hour |
POST /api/v1/deep-dive | 20 / hour |
POST /api/v1/batch | 10 / hour |
POST /api/check (legacy) | 100 / hour |
GET /api/tokens | 100 / hour |
GET /api/stats | default per-IP limit |
A baseline per-IP ceiling of 500 requests/day and 100 requests/hour also applies across the API.
Response headers
Every response carries the current limit state:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1717360000
Retry-After: 3600Handling 429
When a window is exhausted, the API returns 429 Too Many Requests:
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Too many requests. Limit: 100 per hour",
"retry_after_seconds": 3600,
"limit": 100,
"window": "1 hour"
}
}Respect
Retry-After with exponential backoff, cache results for 15+ minutes (analysis is also server-cached for 24h), and prefer the batch endpoint when screening many tokens.