API Usage

Learn about our unique quota-based system, testing options, and how to make the most of your API subscription.

Before You Subscribe

How do I test the API before purchasing?

We strongly encourage testing before subscribing:

Free API testing available:

• Make test calls to verify data quality
• Check response times and format
• Validate integration with your systems
• No credit card required

What you can test:

• API endpoints and functionality
• Response data structure
• Performance and latency
• Integration compatibility

Important: Test as much as you need! Make sure our API meets your requirements before purchasing. We want you to be confident in your decision.

What should I test before subscribing?

We recommend comprehensive testing:

Technical validation:

# Test API connectivity
response = requests.get(api_endpoint, headers={'X-API-Key': 'test-key'})

# Verify response format
data = response.json()

# Check data completeness
required_fields = ['field1', 'field2', 'field3']
all(field in data for field in required_fields)

# Measure response time
response.elapsed.total_seconds()

Business validation:

• Data contains what you need
• Update frequency meets requirements
• Coverage includes your use cases
• Performance meets your SLA

Integration testing:

• Works with your existing tools
• Scales to your volume
• Handles errors gracefully
• Fits your workflow

Take your time - thorough testing prevents subscription mismatches!

Understanding Our System

What is a quota-based system?

Unlike traditional APIs, we use a quota system:

Traditional rate-limited APIs:

• Limit: 100 requests per minute
• Problem: Artificial speed restrictions
• Result: Slower data processing

CyberSecFeed quota system:

• Monthly quota: Total API calls included
• Speed: Unlimited - no rate limits!
• Benefit: Use as fast as your systems can handle

Example comparison:

Traditional API (rate-limited):
- 10,000 calls/month ÷ 100/minute = 100 minutes minimum
- Forced to spread usage over time

CyberSecFeed (quota-based):
- 10,000 calls/month = Use all in 1 minute if you want!
- Maximum flexibility and speed

Are there rate limits?

No! We have no rate limits.

• ⚡ Blazing fast: Use our global edge network at full speed
• 🚀 No throttling: Your systems set the pace, not ours
• 🌍 Global performance: Consistent speed worldwide
• 💪 Burst capable: Need 1000 requests in a second? Go ahead!

You're only limited by:

1. Your monthly quota (total calls)
2. Your system's ability to make requests

This is why we can't offer mid-cycle upgrades - you could theoretically use your entire monthly quota in minutes!

Monitoring Your Usage

How do I check my API usage?

We provide a dedicated API endpoint to check your usage. Note: Quota information is no longer included in response headers for better caching performance. Use this endpoint instead:

Usage check endpoint:

GET /api/v1/usage
Headers: X-API-Key: your-api-key

Response:
{
  "data": {
    "usage": {
      "current": 45678,
      "limit": 100000,
      "reset_at": "2024-04-01T00:00:00Z",
      "percentage_used": 45.68
    }
  }
}

Best practices:

• Check usage regularly
• Set up monitoring alerts
• Track usage patterns
• Plan for quota needs

Pro tip: Build usage checking into your application to avoid surprises!

Why don't I see quota information in API response headers?

As of July 2025, we removed quota headers from API responses to enable better caching:

What changed:

• Previously: Every response included X-Quota-Used and X-Quota-Limit headers
• Now: Quota information only available via /api/v1/usage endpoint

Why this improves performance:

• Enables Cloudflare edge caching across users
• Results in near-zero latency for cached responses
• Dramatically faster API performance

How to check your quota:

# Check quota separately
curl -H "X-API-Key: your-api-key" \
     https://api.cybersecfeed.com/api/v1/usage

# Then make your API calls
curl -H "X-API-Key: your-api-key" \
     https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001

This change allows us to deliver much faster responses while you can still monitor your usage through the dedicated endpoint.

What happens when I reach my quota?

When you reach your monthly quota:

1. API response: Returns 429 status code
2. Error message: Clear quota exceeded notification
3. Resolution options:
   • Wait for next billing cycle (automatic reset)
   • Purchase additional subscription (new API key)

Example error response:

{
  "error": "quota_exceeded",
  "message": "Monthly quota limit reached",
  "quota_used": 100000,
  "quota_limit": 100000,
  "reset_date": "2024-04-01"
}

Planning ahead:

• Monitor usage trending
• Purchase additional subscription before hitting limit
• Consider higher tier for next month

Can I get notifications about my usage?

While we don't provide built-in notifications, you can easily build your own:

Simple monitoring script:

import requests
import os

def check_usage():
    response = requests.get(
        'https://api.cybersecfeed.com/v1/usage',
        headers={'X-API-Key': os.environ['API_KEY']}
    )
    data = response.json()

    if data['percentage_used'] > 80:
        # Send alert (email, Slack, etc.)
        send_alert(f"API usage at {data['percentage_used']}%")

    return data

# Run this daily or hourly via cron/scheduler

Monitoring tips:

• Check at 50%, 80%, 90% thresholds
• Daily usage reports
• Predict when you'll run out
• Automate purchasing if needed

Multiple Subscriptions

Can I have multiple API keys?

Yes! Each subscription comes with its own API key:

How it works:

• Purchase multiple subscriptions
• Receive unique API key for each
• Each key has its own quota
• Manage separately via Stripe

Use cases:

• Separate dev/staging/production environments
• Different projects or clients
• Increased total quota
• Risk isolation

Example setup:

# Environment-specific keys
CYBERSECFEED_DEV_KEY=key_dev_xxx
CYBERSECFEED_STAGING_KEY=key_stg_xxx
CYBERSECFEED_PROD_KEY=key_prod_xxx

How do I manage multiple subscriptions?

Each subscription is managed independently:

1. Separate API keys: Each subscription = unique key
2. Individual quotas: Not combined or shared
3. Stripe management: Each appears separately
4. Billing cycles: Can have different dates

Best practices:

• Label keys clearly (dev/prod/client)
• Track usage per key
• Document which key serves which purpose
• Consider annual plans for stable workloads

Performance & Reliability

Where can I find the API status?

Monitor our API health:

Status checking:

• API health endpoint: /api/v1/status
• Returns current operational status
• No authentication required

Response format:

{
  "status": "operational",
  "latency_ms": 45,
  "timestamp": "2024-03-15T10:30:00Z"
}

Integration tip: Include status checks in your monitoring stack.

What kind of performance can I expect?

Our API is optimized for speed:

Performance characteristics:

• 🌍 Global edge network: Servers worldwide
• ⚡ Low latency: Typically <100ms
• 📈 High throughput: No rate limits
• 🔄 99.9% uptime: Reliable service

Real-world performance:

• Burst capability: 1000+ requests/second
• Sustained load: Limited only by quota
• Geographic optimization: Automatic routing
• No throttling or queueing

Your performance depends on:

• Your internet connection
• Geographic location (we optimize routing)
• Request complexity
• Your system's capabilities

Best Practices

How can I optimize my API usage?

Make the most of your quota:

Efficient usage tips:

# Cache responses when appropriate
cache = {}
def get_data(key):
    if key not in cache:
        cache[key] = api_call(key)
    return cache[key]

# Batch operations when possible
# Instead of 100 individual calls:
results = api_batch_call(items)

# Only request needed fields
params = {'fields': 'id,name,score'}

Optimization strategies:

• Implement intelligent caching
• Remove duplicate requests
• Batch where supported
• Request only needed data
• Monitor usage patterns

Remember: No rate limits means you can optimize for your needs, not API restrictions!