Limits & Quotas
WithGiga enforces limits to ensure platform stability and prevent runaway costs.
API rate limits
All API endpoints share a single rate limit per API key.
| Limit | Value |
|---|---|
| Requests per minute | 60 |
| Response header | X-RateLimit-Remaining |
| Throttle response | HTTP 429 with Retry-After |
Use exponential backoff in automated clients.
Audit concurrency
The number of simultaneously running audits is plan-dependent:
| Plan | Concurrent audits |
|---|---|
| Free | 1 |
| Starter Pro | 5 |
| Max | Unlimited |
Exceeding this limit returns HTTP 429 with CONCURRENCY_LIMIT_EXCEEDED. Scheduled audits that fire while at capacity queue briefly, then fail if capacity does not free up.
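The two kinds of 429 described above call for different client behavior. The sketch below is an added example, not WithGiga's own client code. It backs off with jitter on rate-limit 429s, treats Retry-After as a minimum wait, and stops retrying on CONCURRENCY_LIMIT_EXCEEDED. Assumptions: `send` is a hypothetical caller-supplied function returning `(status, headers, body)`, the error code arrives in a body field named `error`, and the retry constants are illustrative.

```python
import random
import time

MAX_ATTEMPTS = 5    # assumed retry cap, not a documented value
BASE_DELAY = 1.0    # assumed first backoff ceiling, in seconds
MAX_DELAY = 60.0    # one full window of the 60 requests/minute limit


class ConcurrencyLimit(Exception):
    """429 caused by the plan's concurrent-audit cap, not the request rate."""


def backoff_delay(attempt, retry_after=None, rng=random.random):
    """Seconds to wait before retrying after failed attempt `attempt` (0-based)."""
    # Exponential ceiling with full jitter, so clients sharing one API key
    # do not all retry in the same instant.
    ceiling = min(MAX_DELAY, BASE_DELAY * 2 ** attempt)
    delay = ceiling * rng()
    if retry_after is not None:
        try:
            # Retry-After is the server's floor: never retry sooner.
            delay = max(delay, float(retry_after))
        except ValueError:
            # Header in HTTP-date form: fall back to the un-jittered ceiling.
            delay = max(delay, ceiling)
    return delay


def call_with_backoff(send, sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 response or attempts run out."""
    for attempt in range(MAX_ATTEMPTS):
        status, headers, body = send()
        if status != 429:
            return status, headers, body
        # Assumed body shape: {"error": "CONCURRENCY_LIMIT_EXCEEDED"}.
        # Backoff cannot free an audit slot, so surface this to the caller.
        if body.get("error") == "CONCURRENCY_LIMIT_EXCEEDED":
            raise ConcurrencyLimit("wait for a running audit to finish")
        if attempt < MAX_ATTEMPTS - 1:
            sleep(backoff_delay(attempt, headers.get("Retry-After"), rng))
    raise RuntimeError("still rate limited after %d attempts" % MAX_ATTEMPTS)
```

Since every endpoint shares one limit per API key, a retry loop in one job consumes the budget of every other job using that key; the hard attempt cap keeps a failing client from holding the key at zero.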
Audit time budgets
Each mode has a default time budget:
| Mode | Default | Max |
|---|---|---|
| Shallow | 30 min | 60 min |
| Deep | 2 hrs | 4 hrs |
| Autonomous | 4 hrs | 24 hrs |
The agent transitions to report writing when the budget is nearly exhausted, regardless of progress.
Storage limits
| Limit | Value |
|---|---|
| Disk per sandbox | 20 GB |
| Presigned URL TTL | 24 hours |
| Report retention | Per plan (see Plans) |
| Recording retention | Per plan |
Workspace limits
| Plan | Workspaces |
|---|---|
| Free | 1 |
| Starter Pro | 10 |
| Max | Unlimited |
Scheduled audit limits
| Plan | Schedules per workspace |
|---|---|
| Free | — |
| Starter Pro | 10 |
| Max | Unlimited |
Target restrictions
WithGiga does not enforce a target allowlist. You are responsible for ensuring you have written authorization to test every target you submit.
Running unauthorized audits is illegal in most jurisdictions. WithGiga logs every audit with target, timestamp, and the API key that initiated it. If you discover that an API key was used for unauthorized scanning, revoke it immediately.
Increasing limits
For limit increases — concurrency, time budgets, custom retention — contact us via Discord or [email protected]. Max plan customers can negotiate custom limits.