Shodan Rate Limits

Shodan rate-limit and quota model. Operational throttling is a published per-second cap on the REST surface; commercial limits are enforced as monthly query credits, scan credits, and monitored-IP allotments per subscription tier. CVEDB and InternetDB are open APIs that throttle on abusive traffic but do not consume credits.

Shodan Rate Limits is the machine-readable rate-limit profile for Shodan on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 17 rate-limit definitions across the all, developer, membership, freelancer, and small-business tiers, measuring requests_per_second, query_credits, scan_credits, and monitored_ips.

The profile also defines 6 backoff/retry policies and documents response codes for throttled, quotaExceeded, and serviceUnavailable.

Tagged areas include Security, Search, Rate Limiting, Quotas, and Throttling.

17 Limits · Throttle: 429 · Quota: 429

Security · Search · Rate Limiting · Quotas · Throttling · Query Credits · Scan Credits

Limits

| Limit | Scope | Metric | Period | Value |
| --- | --- | --- | --- | --- |
| REST API Request Rate | api-key | requests_per_second | second | 1 |
| Developer Query Credits | api-key | query_credits | month | 100 |
| Developer Scan Credits | api-key | scan_credits | month | 100 |
| Developer Monitored IPs | api-key | monitored_ips | usage | 16 |
| Membership Query Credits | api-key | query_credits | month | 100 |
| Membership Scan Credits | api-key | scan_credits | month | 100 |
| Membership Monitored IPs | api-key | monitored_ips | usage | 16 |
| Freelancer Query Credits | api-key | query_credits | month | 10000 |
| Freelancer Scan Credits | api-key | scan_credits | month | 5120 |
| Freelancer Monitored IPs | api-key | monitored_ips | usage | 5120 |
| Small Business Query Credits | api-key | query_credits | month | 200000 |
| Small Business Scan Credits | api-key | scan_credits | month | 65536 |
| Small Business Monitored IPs | api-key | monitored_ips | usage | 65536 |
| Corporate Query Credits | api-key | query_credits | month | -1 |
| Corporate Scan Credits | api-key | scan_credits | month | 327680 |
| Corporate Monitored IPs | api-key | monitored_ips | usage | 327680 |
| Enterprise Negotiated Limits | contract | requests_per_second | second | -1 |

Policies

Credit Consumption
Query credits are consumed on the second and subsequent pages of search results and on searches that use advanced filters (city, country, net, geo, before, after, org, isp, title, html, vuln, tag, etc.). Scan credits are consumed one-per-IP on `/shodan/scan` submissions.
Backoff Strategy
Clients should implement exponential backoff with jitter and respect the `Retry-After` header when surfaced. The published cap of roughly one request per second per API key applies to the REST surface; the streaming firehose is connection-based.
Credit Reset
Query credits, scan credits, and monitored-IP allotments reset on each subscription billing cycle (monthly for the subscription tiers).
InternetDB Commercial Use
InternetDB is free for non-commercial use; commercial use requires an enterprise license. Abusive traffic patterns may be rate-limited without prior notice.
CVEDB Commercial Use
CVEDB is free for non-commercial use; commercial use requires an enterprise license. CVEDB is updated daily.
Streaming Fair Use
The streaming firehose is a long-lived HTTP connection. Disconnects should be handled with reconnection logic; the `debug=1` parameter surfaces dropped-message counts for monitoring.
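
The Backoff Strategy policy above, as an added Python example (not code from Shodan or from this profile): a pacer that keeps one API key at the published one-request-per-second spacing, and a retry-delay function that honors `Retry-After` in either of its HTTP forms and otherwise falls back to exponential backoff with jitter. The names `parse_retry_after`, `retry_delay` and `Pacer`, and the 60-second `MAX_DELAY` ceiling, are assumptions; the page gives no backoff ceiling.

```python
import random
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MIN_INTERVAL = 1.0  # from the page: roughly one request per second per API key
MAX_DELAY = 60.0    # assumption: ceiling for computed backoff, not a Shodan value


def parse_retry_after(value, now=None):
    """Return Retry-After in seconds (delta-seconds or HTTP-date), else None."""
    if not value:
        return None
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None  # unparseable header: caller falls back to computed backoff
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return max(0.0, (when - now).total_seconds())


def retry_delay(attempt, retry_after=None, rng=random.random, now=None):
    """Seconds to wait before retry `attempt` (0-based) after a throttled reply."""
    hinted = parse_retry_after(retry_after, now)
    if hinted is not None:
        return max(hinted, MIN_INTERVAL)  # server hint wins, never below the cap
    ceiling = min(MAX_DELAY, MIN_INTERVAL * 2 ** min(attempt + 1, 10))
    return ceiling / 2 + rng() * ceiling / 2  # exponential with "equal" jitter


class Pacer:
    """Keeps requests for one API key at least MIN_INTERVAL apart."""

    def __init__(self, clock=time.monotonic, sleep=time.sleep):
        self._clock, self._sleep, self._next = clock, sleep, 0.0

    def wait(self):
        now = self._clock()
        pause = max(0.0, self._next - now)
        if pause:
            self._sleep(pause)
        self._next = max(now, self._next) + MIN_INTERVAL
        return pause
```

Call `Pacer.wait()` before every REST request and `retry_delay()` only after a throttled response, so that retries from several workers sharing one key do not resynchronize.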