> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Rate limits and request quotas

> SOC Defenders enforces per-minute and per-day rate limits based on your subscription tier. Free allows 10 req/min; Pro allows 1,000 req/min.

SOC Defenders enforces rate limits to ensure consistent performance for all users. Limits apply per API key and reset on a rolling basis. If you exceed a limit, the API returns a `429 Too Many Requests` response until the window resets.

## Limits by tier

| Limit               | Free   | Pro       |
| ------------------- | ------ | --------- |
| Requests per minute | 10     | 1,000     |
| Requests per day    | 1,000  | 1,000,000 |
| Results per request | 100    | 10,000    |
| IOC lookback period | 1 day  | 365 days  |
| Article lookback    | 7 days | 365 days  |

<Note>
  If your use case requires higher throughput, a longer lookback period, or more results per request, upgrade to the Pro tier. See [Pricing](/api-reference/pricing) for details.
</Note>

## Rate limit response headers

Every API response includes headers that tell you your current usage against the active limit:

| Header                  | Description                                         |
| ----------------------- | --------------------------------------------------- |
| `X-RateLimit-Limit`     | Maximum requests allowed in the current window      |
| `X-RateLimit-Remaining` | Requests remaining in the current window            |
| `X-RateLimit-Reset`     | Unix timestamp (UTC) when the current window resets |

Monitor these headers in your integration to stay within your quota and back off proactively before hitting a limit.

## 429 Too Many Requests

When you exceed a rate limit, the API responds with:

```http theme={null}
HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1716000060
```

```json theme={null}
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "You have exceeded your request limit. Check the X-RateLimit-Reset header for when your quota resets.",
    "request_id": "req_..."
  }
}
```

Wait until the timestamp in `X-RateLimit-Reset` before retrying. Use exponential backoff for automated retry logic.

## Best practices

**Use the `since` parameter for delta polling.** Rather than re-fetching the full IOC or article feed on each run, pass a `since` timestamp to retrieve only records that have changed since your last successful request. This significantly reduces your daily request count.

```bash theme={null}
curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/iocs?since=2026-05-17T00:00:00Z"
```

**Cache results locally.** If multiple services or team members query the same data, fetch it once and distribute from a local cache rather than issuing redundant API calls.

**Page efficiently.** Use the maximum `limit` your tier allows per request to retrieve more data in fewer calls.
