Rate Limits
Current Limits
The Vulnpatch API implements rate limiting to ensure fair usage and service availability.
| Tier | Requests | Window |
|---|---|---|
| Public | 100 | per minute |
| Authenticated | 500 | per minute |
Response Headers
Rate limit information is included in response headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1705315200Rate Limit Exceeded
When you exceed the rate limit, the API returns:
http
HTTP/1.1 429 Too Many Requests
Retry-After: 60
{
"success": false,
"error": "Rate limit exceeded. Please wait before making more requests."
}Best Practices
Implement Exponential Backoff
javascript
async function fetchWithRetry(url, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
const response = await fetch(url);
if (response.status === 429) {
const retryAfter = response.headers.get('Retry-After') || 60;
await new Promise(resolve => setTimeout(resolve, retryAfter * 1000));
continue;
}
return response;
}
throw new Error('Max retries exceeded');
}Cache Responses
Most vulnerability data changes infrequently. Cache responses locally:
- Stats: Cache for 5 minutes
- Issues: Cache for 5 minutes
- OSV/Vulnerabilities: Cache for 15 minutes
- Repology: Cache for 1 hour
Batch Requests
Instead of making many individual requests, use batch-friendly patterns:
bash
# Instead of querying one package at a time
# Query multiple packages in sequence with delays
for pkg in openssl curl nginx; do
curl "https://api.vulnpatch.dev/api/v1/osv/$pkg"
sleep 1
doneCaching
The API implements server-side caching with the following TTLs:
| Endpoint | Cache TTL |
|---|---|
/stats | 5 minutes |
/issues | 5 minutes |
/repology/:package | 1 hour |
/osv/:package | 15 minutes |
/vulns/:package | 15 minutes |
Cache status is indicated in the X-Cache header:
X-Cache: HIT- Response served from cacheX-Cache: MISS- Fresh response generated