client error RFC 6585

HTTP 429 Too Many Requests

You're being rate limited — slow down and try again after the specified time.

What it means

The server received more requests from this client than its rate limit allows. Most APIs include a `Retry-After` header (either seconds to wait, or an HTTP date). Rate limits protect servers from abuse, protect other users from noisy neighbors, and enforce plan limits. Different rate-limit windows are common: per-second, per-minute, per-hour, per-day.

When servers send it

  • Client exceeded per-second request budget
  • API key exceeded monthly quota
  • Anonymous requests from same IP exceeded threshold
  • Suspicious traffic pattern (spike detection)

What the client does

Reads `Retry-After` header. Backs off (exponential backoff with jitter is standard). Retries.

Example response

HTTP/1.1 429 Too Many Requests
Retry-After: 60
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1737568800

Common causes

  • Loop calling an API without throttling
  • Cache miss during traffic spike causing origin overload
  • API key rate limit lower than expected (check plan)
  • Cloudflare rate-limit rule triggered

How to fix it

  • 1.Add exponential backoff: 1s, 2s, 4s, 8s + random jitter
  • 2.Cache responses to avoid repeated calls for the same data
  • 3.Batch requests where the API supports it
  • 4.Increase rate-limit quota if you're a paying customer
  • 5.Distribute requests across multiple API keys (if allowed by the API terms)

Similar codes

← All HTTP status codes · HTTP status cheat sheet · HTTP headers reference