Miscellaneous
API fees and limits
When working with the Qualy API, it's important to understand the aspects related to fees and usage limits.
Fees
One of the key advantages of using Qualy's API is that it comes with no associated fees. Qualy believes in supporting developers by providing access to its API without the burden of additional costs.
It's essential to note that, despite the absence of explicit fees, Qualy reserves the right to monitor and manage API usage. This ensures fair and equitable access to resources for all users. Developers should be aware that unusual or excessive usage that deviates from typical patterns may be subject to review.
Limits
While Qualy does not impose strict quantitative limits on general API usage, it's important to understand that there are guidelines in place to maintain the quality of service for all users. Qualy reserves the right to slow down or block requests that fall outside the normal usage patterns.
To ensure a positive experience for everyone, developers are encouraged to adhere to best practices and optimize their API calls. This includes using resources efficiently, avoiding unnecessary requests, and being mindful of the potential impact of high-frequency or resource-intensive operations (e.g. complex queries and high limits on the number of returned objects).
Rate limiting
Certain security-sensitive endpoints enforce rate limits to protect against brute-force attacks and abuse. These include authentication-related endpoints such as login, two-factor authentication verification, password reset, and magic link validation.
When you exceed a rate limit, the API responds with HTTP 429 Too Many Requests and includes a Retry-After header indicating how many seconds you should wait before making another request.
Adaptive blocking
Repeated rate limit violations from the same IP address may result in temporary blocks with escalating durations. Ensure your integration respects Retry-After headers and implements exponential backoff to avoid extended blocks.
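One way to honour Retry-After and back off exponentially on HTTP 429, given as an added example and not Qualy's own code. The `send` callable, the function names and the default delays are assumptions made for illustration.

```python
import random
import time

class RateLimitExhausted(Exception):
    """Raised when we stop retrying while still being rate limited."""

def parse_retry_after(headers):
    """Return Retry-After in seconds, or None if absent or not a valid number."""
    for name, value in headers.items():
        if name.lower() == "retry-after":  # header names are case-insensitive
            try:
                seconds = float(str(value).strip())
            except ValueError:
                return None  # e.g. an HTTP-date; fall back to backoff
            return seconds if seconds >= 0 else None
    return None

def call_with_backoff(send, max_attempts=5, base=1.0, max_delay=60.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 response, waiting between tries.

    send is a hypothetical callable returning (status, headers, body).
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, headers, body
        if attempt == max_attempts - 1:
            break  # budget spent: stop instead of adding more violations
        backoff = min(max_delay, base * 2 ** attempt)
        server_wait = parse_retry_after(headers)
        if server_wait is None:
            delay = backoff * (0.5 + rng() / 2)  # jitter: 50-100% of backoff
        elif server_wait > max_delay:
            # Retrying sooner than the server asked would be another violation.
            raise RateLimitExhausted(f"server asked for a {server_wait}s wait")
        else:
            delay = max(server_wait, backoff)  # never earlier than the server allows
        sleep(delay)
    raise RateLimitExhausted(f"still rate limited after {max_attempts} attempts")

if __name__ == "__main__":
    # Constructed responses standing in for a rate-limited endpoint.
    replies = iter([(429, {"Retry-After": "3"}, ""), (429, {}, ""), (200, {}, "ok")])
    waits = []  # record the delays instead of actually sleeping
    print(call_with_backoff(lambda: next(replies), sleep=waits.append), waits)
```

Surface `RateLimitExhausted` to the caller or an alert rather than retrying in an outer loop, so a misbehaving job does not keep hitting a blocked endpoint.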
Stress testing
Stress testing or load testing of our API endpoints, in both production and sandbox environments, is strictly prohibited without prior authorization. This policy helps maintain consistent performance and system stability for all users. If your business case requires performance testing, please review our stress testing policy for proper procedures and alternatives.
Developers should regularly check for updates and guidelines regarding API usage, as Qualy may refine its policies to better serve the growing developer community.