Too Many Requests
Client Error (4xx)
The 429 Too Many Requests status code indicates that the user has sent too many requests in a given time period (rate limiting). The server should include a Retry-After header indicating how long to wait before making a new request. Rate limiting protects servers from abuse, ensures fair resource distribution, and is standard practice for public APIs.
What is HTTP 429 Too Many Requests?
HTTP 429 Too Many Requests is a client error (4xx) status code. The 429 Too Many Requests status code indicates that the user has sent too many requests in a given time period (rate limiting). The server should include a Retry-After header indicating how long to wait before making a new request. Rate limiting protects servers from abuse, ensures fair resource distribution, and is standard practice for public APIs. Common causes include exceeding API rate limits and too many login attempts. To fix it, check the Retry-After header and wait before retrying.
Example Response
HTTP/1.1 429 Too Many Requests
Retry-After: 60
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1609459200
Common Causes
- Exceeding API rate limits
- Too many login attempts
- Aggressive web scraping
- Missing rate limit handling in client code
How to Fix
1. Check the Retry-After header and wait before retrying
2. Implement exponential backoff in your client
3. Cache responses to reduce the number of API calls
4. Upgrade your API plan for higher rate limits
5. Distribute requests across time instead of bursting
Frequently Asked Questions
How should I handle 429 in my code?
Implement retry logic with exponential backoff: wait 1 second, then 2, then 4, etc. Check the Retry-After header for the server's recommended wait time. Most HTTP client libraries support automatic retry configuration.
What are common rate limit headers?
X-RateLimit-Limit (max requests), X-RateLimit-Remaining (requests left), X-RateLimit-Reset (when the limit resets), and Retry-After (seconds to wait). These are not standardized but are widely used.
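The retry advice and headers above, combined into one delay calculation. This is an added example, not code from the original page. It assumes X-RateLimit-Reset carries epoch seconds as in the sample response, accepts Retry-After as either seconds or an HTTP-date, and adds two things the page does not mention: a ceiling on server-supplied waits (MAX_WAIT, an assumed value) and random jitter on the backoff. The names retry_delay and _hint_seconds are hypothetical.

```python
import random
import time
from email.utils import parsedate_to_datetime

MAX_WAIT = 300.0  # assumed ceiling; header values are untrusted input


def _hint_seconds(headers, now):
    """Server-suggested wait in seconds, or None if absent or unusable."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ra = h.get("retry-after", "")
    if ra.isascii() and ra.isdigit():          # delta-seconds form: "60"
        return float(ra)
    if ra:                                     # HTTP-date form
        try:
            return parsedate_to_datetime(ra).timestamp() - now
        except (TypeError, ValueError):
            pass                               # malformed: fall through
    reset = h.get("x-ratelimit-reset", "")
    if reset.isascii() and reset.isdigit():    # epoch seconds, as in the sample
        return float(reset) - now
    return None


def retry_delay(headers, attempt, now=None, base=1.0, rng=random.random):
    """Seconds to sleep before retry number `attempt` (0-based) after a 429."""
    now = time.time() if now is None else now
    wait = _hint_seconds(headers, now)
    if wait is None or wait <= 0:
        # No usable hint: 1s, 2s, 4s, ... with the upper half randomized so
        # clients throttled together do not all retry at the same instant.
        full = base * (2 ** min(attempt, 16))
        wait = full / 2 + rng() * full / 2
    return min(wait, MAX_WAIT)


if __name__ == "__main__":
    # Constructed sample: the headers from the example response on this page.
    sample = {"Retry-After": "60", "X-RateLimit-Reset": "1609459200"}
    print(retry_delay(sample, attempt=0))
```

Sleep for the returned value before each retry and stop after a fixed number of attempts, so a client that stays throttled fails visibly instead of retrying forever.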
Can rate limits apply per IP, per user, or per API key?
All three. API providers may apply different limits at different levels. IP-based limits prevent abuse from a single source. User or API key limits enforce per-account quotas. Check the API documentation for specifics.