> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aigenstudio.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Usage limits and safety

> Understand API limits, URL safety checks, and operational guardrails.

AI Gen Studio applies limits and safety checks so catalog imports stay predictable and production traffic does not accidentally overload provider capacity.

## API limits

```txt theme={"theme":{"light":"github-light","dark":"github-light"}}
20 images maximum per job
25 images processed per hour per API key
5 job creations per hour per API key
120 polling requests per hour per API key
1 active job per API key
2 active jobs per account
```

Use `request_id` values from responses and webhooks when contacting support.

## Source URL safety

When a Product Photo job uses `source_url`, AI Gen Studio accepts only public HTTP and HTTPS image URLs.

The API checks:

* redirects;
* resolved network targets;
* MIME type;
* file signature;
* file size;
* download timeout.

Private networks, localhost, metadata endpoints, unsupported protocols, excessive redirects, invalid files, and files above the supported size are rejected before provider processing.

## Webhook URL safety

Webhook URLs must be public HTTPS endpoints.
Internal/private targets are rejected.

Outgoing webhook requests include:

```txt theme={"theme":{"light":"github-light","dark":"github-light"}}
X-Aigen-Signature
X-Aigen-Timestamp
X-Aigen-Event-Id
```

Verify every webhook before updating catalog records.

## Sandbox and live separation

Sandbox keys return simulated job responses with the same response shape as live.
They do not call paid providers and do not consume credits.

Live keys process real images and consume paid API credits.
Free Web Studio credits do not unlock live API processing.

## Security logging

AI Gen Studio may log blocked requests and safety events for security, debugging, and support.
Sensitive values such as raw API keys, passwords, tokens, secrets, and private image content are not useful for support and should never be sent in tickets.