Limits
The corpus is free to read, but not unbounded. There are two tiers: anonymous and authenticated.
Anonymous — per-IP at the edge
Logged-out reads are rate-limited per client IP at the edge, before they ever reach the daemon. It’s enough for browsing and the occasional scripted lookup, and it keeps one noisy address from starving everyone else. There’s no key to get and nothing to configure — just stay under the hourly ceiling.
Authenticated — per account
Sign in and your traffic is metered against your account’s tier instead of your
IP, with a higher ceiling. This is the reason to vuln login even though the
reads are public: a token lifts the limit and attributes the usage to you (see
Accounts).
How throttling is signalled
| Status | Meaning | What to do |
|---|---|---|
403 Forbidden | A hard count limit for your tier is exhausted. | Upgrade the tier, or wait for the period to roll over. |
429 Too Many Requests | A rate window is saturated. | Back off and retry after the Retry-After interval. |
The CLI surfaces these as errors with the same meaning; back off and retry, or sign in for the higher tier.