3. Rate Limiting

While communicating with MetaDefender Cloud APIs, you will need to use the authentication mechanism for the given API endpoint and provide your API key. Each API key has hourly limits, and you can check yours by logging in to MetaDefender Cloud with your OPSWAT account. Additionally, the MetaDefender Cloud server returns custom headers in each response that will help you track your current API usage.

If you don't have your API key, see our guide: Onboarding Process for MetaDefender Cloud API Users

Each MetaDefender Cloud API key has limits for each family of APIs (file scan, hash lookups, IP lookups, etc.), and every response from MetaDefender Cloud contains custom headers that inform clients about the current limit.

Description of Custom Headers

  • X-RateLimit-Limit - Your current limit for a given API endpoint.

  • X-RateLimit-Remaining - The number of requests remaining in the current time window, usually set to 1 hour.

  • X-RateLimit-Reset-In - The number of seconds remaining in the current time window.

  • X-RateLimit-Used - The number of requests used in the current time window.

Custom Header Example

> curl -vvvv "https://api.metadefender.com/v3/appinfo/64638C3FF08EECD62E2B24708CF5B5F111C05E3D" -H 'Authorization: apikey YOUR_API_KEY'
> GET /v3/appinfo/64638C3FF08EECD62E2B24708CF5B5F111C05E3D HTTP/1.1
> Host: api.metadefender.com
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: apikey YOUR_API_KEY
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Date: Mon, 21 Aug 2017 22:09:28 GMT
< ETag: "272a8-hYK6yyj7WkeqK2V1z4I3m1FFDtE"
< Vary: Accept-Encoding
< X-Authenticated: by apikey
< X-RateLimit-For: reputation_api
< X-RateLimit-Interval: 3600
< X-RateLimit-Limit: 100
< X-RateLimit-Remaining: 99
< X-RateLimit-Reset-In: 3600s
< X-RateLimit-Used: 1
< X-Response-Time: 1430ms
< Content-Length: 160424
< Connection: keep-alive

When doing a bulk request, the limit is subtracted for every successful response.

E.g.: doing a bulk hash lookup for 20 hashes, where only the last 15 are found in our database, and remaining limit is 10 lookups, the response will contain the first 5 hashes marked as found, and the next 10 hashes results. We do not count the not found ones for the limit, but we do count when looking up duplicates in different requests. In the same request we do not count the duplicates.