Rate Limits
QuantumSafe enforces rate limits to ensure fair usage and protect CPU-intensive PQC operations. Limits are applied per IP address + API key combination.
Rate Limit Tiers
| Endpoint | Free | Builder | Pro | Enterprise |
|---|---|---|---|---|
| POST /v1/scan/wallet | 10/min | 60/min | 300/min | Custom |
| POST /v1/keys/generate | 5/min | 30/min | 100/min | Custom |
| POST /v1/sign/hybrid | 5/min | 30/min | 100/min | Custom |
| POST /v1/verify | 20/min | 120/min | 600/min | Custom |
| POST /v1/auth/* | 10/min | 10/min | 10/min | 10/min |
CPU-intensive endpoints: Key generation (/keys/generate) and hybrid signing (/sign/hybrid) involve PQC cryptographic operations that are computationally expensive. These have lower rate limits than read-only endpoints.
Every API response includes rate limit headers:
```
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1700000000
```
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the current window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When You Hit the Limit
When rate limited, the API returns:
```json
{
  "error": {
    "code": "RATE_001",
    "message": "Rate limit exceeded"
  }
}
```
HTTP Status: 429 Too Many Requests
The response includes a Retry-After header with the number of seconds to wait:
```
HTTP/1.1 429 Too Many Requests
Retry-After: 12
```
Dual Check: IP + API Key
Rate limits are enforced on both dimensions:
- Per API key: Prevents a single account from monopolizing resources
- Per IP address: Prevents distributed abuse using multiple keys from the same origin
Both limits must be within bounds for a request to succeed.
If you are behind a shared IP (e.g., corporate NAT, VPN), you may share IP-level limits with other users. Contact support for IP allowlisting on Pro and Enterprise plans.
Best Practices
- Cache scan results — Wallet risk scores change slowly. Cache for 1-24 hours.
- Batch where possible — Generate keys in advance, not on-demand per request.
- Monitor headers — Check X-RateLimit-Remaining before bursts.
- Use exponential backoff — On 429, wait for Retry-After then retry with backoff.
- Upgrade your plan — If you consistently hit limits, consider a higher tier.
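
The header-monitoring and backoff practices above, as a client-side sketch. This is an added example, not QuantumSafe's own code; the `send` callable, the `MAX_BACKOFF` cap, the jitter, and the fallback to X-RateLimit-Reset when Retry-After is missing are assumptions.

```python
import random
import time

MAX_BACKOFF = 60.0  # assumed cap on the extra backoff; not a documented value


def next_delay(status, headers, attempt, now, jitter=random.random):
    """Seconds to wait before the next request, from the documented headers."""
    h = {k.lower(): v for k, v in headers.items()}

    def number(name):
        try:
            return float(h[name])
        except (KeyError, ValueError):
            return None  # header missing or malformed

    reset = number("x-ratelimit-reset")
    until_reset = max(0.0, reset - now) if reset is not None else 0.0
    if status == 429:
        retry_after = number("retry-after")
        # Honour Retry-After first; fall back to the window reset time.
        base = max(0.0, retry_after) if retry_after is not None else until_reset
        # Repeated 429s add exponentially growing, jittered extra delay.
        extra = min(MAX_BACKOFF, 2.0 ** attempt - 1.0) * jitter()
        return base + extra
    if number("x-ratelimit-remaining") == 0:
        return until_reset  # window exhausted: hold the next burst until reset
    return 0.0


def call_with_retry(send, max_attempts=5, sleep=time.sleep, clock=time.time,
                    jitter=random.random):
    """Call send() -> (status, headers, body) and retry only on 429."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        if attempt + 1 < max_attempts:
            sleep(next_delay(status, headers, attempt, clock(), jitter))
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)
```

Call `next_delay` on successful responses as well, so a burst is paused when X-RateLimit-Remaining reaches 0 instead of running into a 429.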
Upgrading
| Plan | Price | Best For |
|---|---|---|
| Free | $0/mo | Evaluation and development |
| Builder | $49/mo | Small production deployments |
| Pro | $199/mo | High-volume production use |
| Enterprise | Custom | Custom limits, SLA, dedicated support |
Visit the Dashboard to manage your plan.