Skip to main content

Usage and quotas


The GitGuardian API and its scan capability can be used to scan simple content quickly, or even to write complex integrations for non-publicly available services.

Most of GitGuardian's Open Source projects use the GitGuardian API as their backbone. ggshield and py-gitguardian are two examples.

Stateless scanning#

The GitGuardian API endpoints are stateless, meaning any scanned documents or found secrets are not stored on our servers when performing a secrets scan. We do, however, collect and store some metadata for purposes such as quota usage and access logs.


API quotas are only consumed by API calls related to the scan scope:

  • the /scan endpoint ingests only one document (piece of text) and consumes 1 quota.
  • the /multiscan endpoint ingests several documents at a time (20 max) and consumes 1 quota.
    If a commit contains 40 differents documents to scan, scanning this commit will require 2 quotas.

Quota usage is based on requests, not on the size of the content you scan.

The quota is set on a rolling month, not on a calendar month.
This means that if 200 API calls are made on the last day of the month, you will need to wait 30 days before 200 new calls are credited back to your account.
The quota depends on your plan but you can always contact us to increase it:

Free planPaid plan
Quota10,000 calls/month100,000 calls/month

Workspace Managers can track usage of their quota in the Quota section of their workspace:

API usage