API Usage

Learn about our transparent credit-based system, testing options, and how to maximize value from your API subscription.

Before You Subscribe

How do I test the API before purchasing?

We strongly encourage testing before subscribing:

Free API testing available:

• Make test calls to verify data quality
• Check response times and format
• Validate integration with your systems
• No credit card required

What you can test:

• API endpoints and functionality
• Response data structure
• Performance and latency
• Integration compatibility

Important: Test as much as you need! Make sure our API meets your requirements before purchasing. We want you to be confident in your decision.

What should I test before subscribing?

We recommend comprehensive testing:

Technical validation:

# Test API connectivity
response = requests.get(api_endpoint, headers={'X-API-Key': 'test-key'})

# Verify response format
data = response.json()

# Check data completeness
required_fields = ['field1', 'field2', 'field3']
all(field in data for field in required_fields)

# Measure response time
response.elapsed.total_seconds()

Business validation:

• Data contains what you need
• Update frequency meets requirements
• Coverage includes your use cases
• Performance meets your SLA

Integration testing:

• Works with your existing tools
• Scales to your volume
• Handles errors gracefully
• Fits your workflow

Take your time - thorough testing prevents subscription mismatches!

Understanding Our System

What is a credit-based system?

Unlike traditional APIs, we use a transparent credit system:

Traditional rate-limited APIs:

• Limit: 100 requests per minute
• Problem: Artificial speed restrictions + all calls cost the same
• Result: Slower processing + poor value for complex operations

CyberSecFeed credit system:

• Monthly credits: Allocated based on endpoint complexity and value
• Speed: Unlimited - no rate limits on paid plans!
• Value: Pay for computational cost, not arbitrary call counts
• Efficiency: 86% savings with batch operations

Example comparison:

Traditional API (rate-limited, flat pricing):
- 10,000 calls/month ÷ 100/minute = 100+ minutes minimum
- Simple ping = complex analysis = 1 "call" (unfair pricing)

CyberSecFeed (credit-based, value pricing):
- Health checks: 0 credits (free)
- Simple searches: 1 credit
- Detailed analysis: 5 credits
- Batch operations: 35 credits (up to 50 CVEs, 86% savings)
- Use credits as fast as your systems can handle!

Are there rate limits?

Paid plans have no rate limits!

• ⚡ Blazing fast: Use our global edge network at full speed
• 🚀 No throttling: Your systems set the pace, not ours
• 🌍 Global performance: Consistent speed worldwide
• 💪 Burst capable: Need 1000 requests in a second? Go ahead!
• 💰 Value-based: Pay for computational cost, not arbitrary limits

Free plan exception: 5 requests/minute rate limit for abuse prevention

You're only limited by:

1. Your monthly credit allocation
2. Your system's ability to make requests

This is why we can't offer mid-cycle upgrades - you could theoretically use your entire monthly credit allocation in minutes!

Monitoring Your Usage

How do I check my API usage?

We provide a dedicated API endpoint to check your credit usage. Note: Credit information is no longer included in response headers for better caching performance. Use this endpoint instead:

Usage check endpoint:

GET /api/v1/usage
Headers: X-API-Key: your-api-key

Response:
{
  "data": {
    "usage": {
      "plan": "CyberSecFeed Pro",
      "credits_used": 45678,
      "credits_limit": 200000,
      "credits_remaining": 154322,
      "reset_at": "2024-04-01T00:00:00Z",
      "percentage_used": 22.84
    }
  }
}

Credit costs by endpoint:

Endpoint	Credits	Value
Health checks	0	Free monitoring
Basic searches	1	Core functionality
Recent monitoring	2	Real-time alerts
Single CVE details	5	Comprehensive data
Batch operations	35	86% savings (up to 50 CVEs)
Platform stats	0.5	Basic insights

Best practices:

• Check credit usage regularly
• Set up monitoring alerts at 50%, 80%, 90% thresholds
• Track usage patterns and optimize for credits
• Plan for credit needs based on endpoint costs
• Use batch operations for 86% savings

Pro tip: Build credit checking into your application to avoid surprises and maximize savings!

Why don't I see credit information in API response headers?

As of August 2025, we optimized credit information delivery for better caching performance:

What changed:

• Previously: Every response included credit usage headers
• Now: Credit information primarily available via /api/v1/usage endpoint
• Some endpoints may include X-Credits-Cost and X-Credits-Remaining headers

Why this improves performance:

• Enables Cloudflare edge caching across users
• Results in near-zero latency for cached responses
• Dramatically faster API performance (up to 95% cache hit rates)

How to check your credits:

# Check credits separately (0 credits - free)
curl -H "X-API-Key: your-api-key" \
     https://api.cybersecfeed.com/api/v1/usage

# Then make your API calls
curl -H "X-API-Key: your-api-key" \
     https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001
# This costs 5 credits for detailed CVE data

Credit optimization tip: Use the batch endpoint for bulk operations to save 86% on credits!

What happens when I reach my credit limit?

When you reach your monthly credit limit:

1. API response: Returns 429 status code
2. Error message: Clear credit limit exceeded notification
3. Resolution options:
   • Wait for next billing cycle (automatic reset)
   • Upgrade to higher tier plan
   • Optimize usage with batch operations (86% savings)
   • Purchase additional subscription (new API key)

Example error response:

{
  "error": {
    "code": "CREDIT_LIMIT_EXCEEDED",
    "message": "Monthly credit limit exceeded. Upgrade your plan or wait for reset.",
    "details": {
      "credits_used": 200000,
      "credits_limit": 200000,
      "reset_at": "2024-04-01T00:00:00Z"
    }
  }
}

Planning ahead:

• Monitor credit usage trending
• Use batch operations for bulk CVE lookups (86% savings)
• Purchase higher tier before hitting limit
• Consider Business plan for large-scale operations

Can I get notifications about my usage?

While we don't provide built-in notifications, you can easily build your own:

Simple monitoring script:

import requests
import os

def check_credit_usage():
    response = requests.get(
        'https://api.cybersecfeed.com/api/v1/usage',
        headers={'X-API-Key': os.environ['API_KEY']}
    )
    data = response.json()['data']['usage']

    # Alert thresholds
    if data['percentage_used'] > 90:
        send_alert(f"🚨 Critical: {data['percentage_used']:.1f}% credits used!")
    elif data['percentage_used'] > 80:
        send_alert(f"⚠️  Warning: {data['percentage_used']:.1f}% credits used")
        # Suggest optimization
        send_alert("💡 Tip: Use batch endpoint for 86% savings on bulk operations")

    return data

# Run this daily or hourly via cron/scheduler

Credit monitoring tips:

• Check at 50%, 80%, 90% thresholds
• Daily credit usage reports
• Track credit efficiency (credits per business outcome)
• Predict when you'll run out based on current burn rate
• Optimize with batch operations for bulk queries
• Automate purchasing if needed

Multiple Subscriptions

Can I have multiple API keys?

Yes! Each subscription comes with its own API key:

How it works:

• Purchase multiple subscriptions
• Receive unique API key for each
• Each key has its own credit allocation
• Manage separately via Stripe

Use cases:

• Separate dev/staging/production environments
• Different projects or clients
• Increased total credit allocation
• Risk isolation and budget control

Example setup:

# Environment-specific keys
CYBERSECFEED_DEV_KEY=key_dev_xxx
CYBERSECFEED_STAGING_KEY=key_stg_xxx
CYBERSECFEED_PROD_KEY=key_prod_xxx

How do I manage multiple subscriptions?

Each subscription is managed independently:

1. Separate API keys: Each subscription = unique key
2. Individual credit allocations: Not combined or shared
3. Stripe management: Each appears separately
4. Billing cycles: Can have different dates

Best practices:

• Label keys clearly (dev/prod/client)
• Track credit usage per key
• Document which key serves which purpose
• Consider higher tiers for production workloads
• Use batch operations consistently for credit efficiency

Performance & Reliability

Where can I find the API status?

Monitor our API health:

Status checking:

• API health endpoint: /api/v1/status
• Returns current operational status
• No authentication required

Response format:

{
  "status": "operational",
  "latency_ms": 45,
  "timestamp": "2024-03-15T10:30:00Z"
}

Integration tip: Include status checks in your monitoring stack.

What kind of performance can I expect?

Our API is optimized for speed:

Performance characteristics:

• 🌍 Global edge network: Servers worldwide
• ⚡ Low latency: Typically <100ms
• 📈 High throughput: No rate limits
• 🔄 99.9% uptime: Reliable service

Real-world performance:

• Burst capability: 1000+ requests/second
• Sustained load: Limited only by quota
• Geographic optimization: Automatic routing
• No throttling or queueing

Your performance depends on:

• Your internet connection
• Geographic location (we optimize routing)
• Request complexity
• Your system's capabilities

Best Practices

How can I optimize my credit usage?

Maximize value from your credit allocation:

Credit optimization strategies:

# 1. Use batch operations for massive savings (86% off!)
# Instead of: 50 individual calls = 50 × 5 = 250 credits
batch_result = api_batch_call(cve_ids)  # = 35 credits (86% savings!)

# 2. Cache responses when appropriate
cache = {}
def get_cve_data(cve_id):
    if cve_id not in cache:
        cache[cve_id] = api_call(cve_id)  # 5 credits
    return cache[cve_id]  # 0 additional credits

# 3. Use field selection to reduce processing costs
params = {'fields': 'cve_id,severity,kev,epss'}  # Lighter processing

# 4. Leverage free endpoints
health_check = requests.get('/api/v1/ping')  # 0 credits
usage_check = requests.get('/api/v1/usage')   # 0 credits

Credit efficiency tips:

• Batch operations: 86% savings for bulk CVE analysis
• Smart caching: Avoid duplicate credit charges
• Field selection: Request only needed data for lighter processing
• Free endpoints: Use health checks and usage monitoring at no cost
• Monitor patterns: Track credit efficiency (credits per business outcome)

Real-world example:

# Inefficient: 1000 individual CVE lookups
# Cost: 1000 × 5 = 5,000 credits

# Efficient: 20 batch operations (50 CVEs each)
# Cost: 20 × 35 = 700 credits (86% savings!)

Remember: No rate limits means you can optimize for credit efficiency, not artificial speed restrictions!