429 Too Many Requests
HTTP response status code 429 Too Many Requests is returned by the server to indicate that too many HTTP requests have been made within the allowed time. This is also known as “rate limiting”.
Usage
When the 429 Too Many Requests status code is received, the server is indicating that the number of HTTP requests has exceeded the allowed number. This may happen, for example, when the server wants to limit the number of API calls in an hour.
The specification does not define how it counts HTTP requests or identifies users. This means that rate limiting may be done on a per-resource basis, or per-user basis, across the entire server, or perhaps across several servers. User identification may be accomplished by using credentials or alternatively, by using Cookies.
The server can optionally include a Retry-After HTTP header to inform the client when they can make HTTP requests again.
Note
Search engines like Google will not index a URL with 429 Too Many Requests response status, and consequently, URLs that have been indexed in the past but are now returning this HTTP status code will be removed from the search results.
Example
In the example, the client requests a resource and the server responds with the 429 Too Many Requests.
Request
GET /current-news HTTP/1.1
Host: www.example.re
Response
HTTP/1.1 429 Too Many Requests
Retry-After: 1800
Content-Type: text/html
Content-Length: 173
<html>
<head>
<title>Request Limit Exceeded</title>
</head>
<body>
<p>Your request limit has been reached. Please try again in 30 minutes.</p>
</body>
</html>
Code references
.NET
HttpStatusCode.TooManyRequests
Rust
http::StatusCode::TOO_MANY_REQUESTS
Rails
:too_many_requests
Go
http.StatusTooManyRequests
Symfony
Response::HTTP_TOO_MANY_REQUESTS
Python3.5+
http.HTTPStatus.TOO_MANY_REQUESTS
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_TOO_MANY_REQUESTS
Angular
@angular/common/http/HttpStatusCode.TooManyRequests
Takeaway
The 429 Too Many Requests status code is a client error that is sent by the server when a resource is not available because too many HTTP requests are made within a certain period of time. Previous HTTP requests may be attributable to specific users or instead, are counted at the resource level irrespective of the client.