? HTTP 429 — Too Many Requests

? Quick Overview

HTTP status code 429 Too Many Requests indicates that a client has sent too many requests to a server within a given time frame. This is commonly triggered by rate limiting rules on APIs or web servers to prevent abuse and ensure fair usage.

? Key Concepts

Rate Limiting
Client-side throttling
Server protection mechanisms
Retry-After header
API usage quotas

? Syntax / Theory

When a server detects excessive requests from a client (IP, token, or user), it responds with status code 429. Optionally, the response may include a Retry-After header telling the client when it is safe to retry.

? Code Example(s)

? View Code Example

// Express.js example showing rate limit handling
app.use((req, res, next) => {
  res.status(429).json({ message: "Too many requests, please try again later." });
});

? Live Output / Explanation

Server Response

The server immediately rejects further requests and returns a JSON response with HTTP status 429. Clients should pause and retry later.

? Interactive Example / Visual Explanation

Imagine a counter that allows only 5 API requests per minute. Once the limit is exceeded, all further requests receive a 429 response until the timer resets.

Requests remaining: 5 / 5

? Use Cases

Public REST APIs (GitHub, Twitter, OpenAI)
Login attempt protection
Preventing brute-force attacks
Controlling traffic spikes

✅ Tips & Best Practices

Implement client-side request throttling
Respect the Retry-After response header
Cache responses where possible
Use exponential backoff strategies

? Try It Yourself

Create a small API with a rate limit of 3 requests per minute. Send 5 rapid requests and observe when the server starts responding with HTTP 429.