API (SaaS): Throttling and Quotas

The attachmentAV API (SaaS) applies two kinds of limits to protect the service and ensure fair usage across all customers:

• Throttling limits how many requests you can send per second.
• Quotas limit how many requests you can send per month.

The limits that apply to you depend on your plan.

Need a higher throughput or scan volume? Contact us.

Throttling (#)

Throttling limits the rate at which you can send requests. attachmentAV uses a token bucket algorithm, configured with two values:

• Baseline (rate limit): the average number of requests per second you can send over an extended period of time.
• Burst (burst limit): the maximum number of concurrent requests, i.e. the capacity of the token bucket.

When you exceed the throttling limit, the API responds with HTTP status code 429 Too Many Requests and the body {"error": "Rate limit exceeded."}. We recommend implementing a retry strategy with exponential backoff to handle throttling gracefully.

Quotas (#)

A quota limits the total number of requests you can send per calendar month. The quota resets at the beginning of each month.

When you exceed your monthly quota, the API responds with HTTP status code 429 Too Many Requests and the body {"error": "Quota exceeded."}. Upgrade your plan if you need a higher quota.

Send a GET request to the /v1/usage endpoint to retrieve your remaining credits and your quota at any time. Note that this request itself counts against your monthly quota, even though it does not trigger a file scan.

curl \
  -X GET \
  -H 'x-api-key: <API_KEY_PLACEHOLDER>' \
  'https://eu.developer.attachmentav.com/v1/usage'

{"credits":981,"quota":{"limit":1000,"period":"MONTH"}}

• credits (number): The remaining number of requests for the current period.
• quota (object):
  • limit (number): The maximum number of requests within a period.
  • period (string): The billing period (e.g. MONTH).

See the API Definition for SDK examples (Java, Python, JavaScript, TypeScript) and the regional endpoints.