There is a new interesting feature available for the API v1 and v2 frameworks: each and every response returned back by the API exposes your API limits in the header.
For instance you can try: curl -D header.txt -u user:pass 'https://qualysapi.qualys.com/msp/about.php'
And the file header.txt will return something like:
Date: Tue, 10 May 2011 21:17:37 GMT
X-RateLimit-Limit: 300 means that your subscription is configured to allow 300 calls per API calls/functions (in this example, about.php can be called 300 times, independently of the other API calls that are performed with the same account) during the sliding window provided below (X-RateLimit-Window-Sec)
X-RateLimit-Window-Sec: 86400 is the sliding window (in seconds) for the parameter above. 86400 seconds is 24 hours.
X-ConcurrencyLimit-Limit: 2 means you can launch the same call 2 times at the same time
X-ConcurrencyLimit-Running: 1 means only one call is currently running
X-RateLimit-ToWait-Sec: 0 means you've not been blocked, so you don't have to wait before launching a new call
X-RateLimit-Remaining: 42 means you still have 42 requests available for this API call for the time that remains in the sliding window
If for some reason you are blocked, you get a 409 HTTP error and you can figure out what is the root cause of the problem in the header or the response (either concurrency limit reached or too much calls so you need to wait X-RateLimit-ToWait-Sec seconds).
For more information, please refer to the API user guides available here: https://community.qualys.com/community/developer
This document was generated from the following discussion: QualysGuard API limits exposed in the header