Tokens & pricing
Every workspace has a single token balance. Write operations deduct from it. Read operations cost essentially nothing (1 token) so dashboards stay free.
Cost table (v1)
| Operation | Tokens |
|---|---|
POST /v1/scans (quick) | 1,000 |
POST /v1/scans (standard) | 5,000 |
POST /v1/scans (compliance) | 25,000 |
GET /v1/* (any read) | 1 |
POST /v1/targets/{id}/verify | 10 |
| Webhook delivery (outbound) | 1 |
The cost formula is versioned. New endpoints can be added in additive fashion; existing costs do not change without a major version bump.
POST /v1/scansreserves the cost up front; the hold is committed when the scan completes, or refunded if the scan fails or is cancelled. You don’t pay for failed scans.Where tokens come from
Subscriptions (monthly grants, non-rollover)
Paid plans include a monthly token allowance. Granted on invoice.paid, expires at the start of the next billing period. Unused tokens do not roll over.
| Plan | Tokens / month | Price |
|---|---|---|
| Solo | 0 (no API access) | $49 / mo |
| Professional | 100,000 | $199 / mo |
| Team | 1,000,000 | $499 / mo |
| Enterprise | 10,000,000 | $1,099+ / mo |
Token packs (one-time, 1-year rollover)
Packs are sold via Stripe Checkout in mode: payment — no subscription required. Tokens roll over for 365 days from the date of purchase.
| Pack | Tokens | Price |
|---|---|---|
| Starter | 1,000,000 | $19 |
| Pro | 10,000,000 | $149 |
| Scale | 50,000,000 | $599 |
Solo plans must purchase a pack to use the API. Pro / Team / Enterprise can buy packs on top of their monthly grant. The ledger uses oldest-non-expired-credit-first semantics.
Insufficient tokens
When the balance is below the cost of the requested operation, the API returns 402 insufficient_tokens:
{
"error": {
"code": "insufficient_tokens",
"message": "Workspace token balance is below the required cost.",
"details": {
"required": 1000,
"balance": 320,
"top_up_url": "https://app.pentify.io/settings/billing/token-packs"
}
}
}The error envelope is documented in Errors.
Inspecting the balance
curl -H "Authorization: Bearer $PENTIFY_API_KEY" \
https://api.pentify.io/v1/usageReturns the current balance plus a 30-day breakdown. See the API reference: /usage endpoint.