A11yRisk/Docs/Rate Limits & Credits

Rate Limits & Credits

The API enforces two independent rate limits and uses a credit system for scan pages.

Rate limits

Endpoint	Limit	Scope
`POST /v1/ci/scans`	60 / minute	Per organisation
All API key requests	60 / minute	Per API key (sliding window)
`GET /v1/scans/*/report`	300 / minute	Per organisation
`POST /v1/api-keys`	20 / minute	Per organisation

Handling 429 responses

When rate-limited, the API returns HTTP 429 with a Retry-After header indicating how many seconds to wait before retrying.

HTTP/1.1 429 Too Many Requests
Retry-After: 60

{ "detail": "rate_limit_exceeded" }

In polling loops, sleep for the Retry-After value before the next attempt. For scan polling, a 5–10 second interval is sufficient and stays well within limits.

Credit model

One credit is consumed per page scanned. A scan requesting 10 pages costs 10 credits.
Credits are reserved at scan submission and deducted when the scan completes.
Credits do not expire.
If fail_on_truncation=true (default) and your balance is below max_pages, the submission returns HTTP 402 with an insufficient_credits error.
Set fail_on_truncation=false to allow partial scans: the scan runs for however many pages your balance covers.

Check your current balance:

curl https://api.a11yrisk.eu/v1/billing/credits \
  -H "X-API-Key: ar_live_YOUR_KEY"

# { "balance": 145, "plan": "paid", "setup_complete": true }

← CI/CD Integration API Reference →