Censys · Rate Limits

Censys Rate Limits

Censys enforces per-account / per-Personal-Access-Token quotas measured primarily in results-per-query and credits / Collections per tier rather than as hard requests-per-second caps. Free Community and Individual tiers have stricter caps (e.g., 500 results/query, 2 Collections); Security Operations and Threat Hunting raise or remove caps. The legacy Search v1/v2 APIs published per-second rates that varied by plan. Hard throttling returns HTTP 429 with Retry-After. Exact per-tier RPS/RPM numbers are not publicly enumerated for the Platform API and should be confirmed with Censys support for production planning.

Censys Rate Limits is the machine-readable rate-limit profile for Censys on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 8 rate-limit definitions, measuring requests_per_second, requests_per_query, collections, history_window, and scans_per_month.

The profile also includes 6 backoff/retry policies defined and response codes documented for throttled, quotaExceeded, unauthorized, and forbidden.

Tagged areas include Rate Limiting, Security, Internet Intelligence, and Attack Surface Management.

8 Limits Throttle: 429 Quota: 429
Rate LimitingSecurityInternet IntelligenceAttack Surface Management

Limits

Censys Platform API — request throttling account
requests_per_second
see plan; published numbers not in public docs — confirm with Censys support
Throttling is enforced per Personal Access Token; bursts trigger HTTP 429 with Retry-After.
Censys Platform API — results per query account
requests_per_query
500 (Individual) / unlimited (Security Operations and Threat Hunting)
Per-query result cap is a plan quota rather than a request-rate limit.
Censys Platform API — Collections per account account
collections
2 (Individual) / 15 (Security Operations) / negotiated (Threat Hunting)
Collection count is plan-bound.
Censys Platform API — host data history window account
history_window
1 week (Individual) / 1 month (Security Operations) / longer (Threat Hunting)
History window is plan-bound.
Censys Legacy Search v1 API key
requests_per_second
historically 0.2–5 RPS depending on plan (deprecated; migrate to Platform)
Search v1 is deprecated as of 2026; use the Platform API.
Censys Legacy Search v2 API key
requests_per_second
historically 0.4 RPS (free) to higher tiers (deprecated)
Search v2 is deprecated; existing keys remain functional during migration.
On-demand scans (Threat Hunting tier) account
scans_per_month
fair-use — confirm with Censys
Live discovery / rescan endpoints are usage-tracked.
CensEye threat-hunting jobs account
jobs_per_month
tier-bound; confirm with Censys
Each CensEye job consumes credits.

Policies

Personal Access Token scoping
All Platform API requests are authenticated with a Personal Access Token (HTTP bearer). Tokens are user-scoped and revocable from the Censys account settings.
Backoff on 429
On HTTP 429, honor the Retry-After header (seconds). Censys recommends exponential backoff with jitter for high-volume integrations.
Credit-based metering
Many Platform operations (search, view, aggregate, scan, CensEye) consume tenant credits visible via /v3/accounts/.../credits endpoints. Monitor credits to avoid quota exhaustion.
Legacy vs Platform separation
Search v1 (search.censys.io/api/v1) and v2 (search.censys.io/api/v2) keys are separate from Platform Personal Access Tokens. Migrate to Platform tokens for new integrations.
Raise limits via support
Higher TPS, larger Collections, or extended history windows are negotiated via Censys Sales / Support per plan.
Audit-log visibility
Account-level actions are observable via /v3/accounts/{org_id}/audit-log-events to detect quota-impacting changes.

Sources