diff --git a/docs/api/cve.md b/docs/api/cve.md
index 4425acf..673d52b 100644
--- a/docs/api/cve.md
+++ b/docs/api/cve.md
@@ -125,3 +125,29 @@ HTTP/1.1 200 OK
   ]
 }
 ```
+
+### Incremental retrieval using `updated_at`
+
+Results returned by `GET /cve` are sorted by the `updated_at` field by default.
+
+To fetch only newly updated CVEs between runs:
+
+- persist the last processed `updated_at` value (for example, in a local file or database)
+- stop processing as soon as you reach a record with `updated_at` less than or equal to that stored value
+- after processing, store the first entry's `updated_at` value from the current response as the new checkpoint
+
+**Pseudocode:**
+
+```python
+last_seen_update = load_from_storage()
+
+response = GET("https://app.opencve.io/api/cve?vendor=wordpress")
+
+for cve in response["results"]:
+    if last_seen_update is not None and cve["updated_at"] <= last_seen_update:
+        break
+    process(cve)
+
+if response["results"]:
+    save_to_storage(response["results"][0]["updated_at"])
+```