
HTTP 429 — Too Many Requests

Quick Overview

HTTP status code 429 Too Many Requests indicates that a client has sent too many requests to a server within a given time frame. This is commonly triggered by rate limiting rules on APIs or web servers to prevent abuse and ensure fair usage.

Key Concepts

  • Rate Limiting
  • Client-side throttling
  • Server protection mechanisms
  • Retry-After header
  • API usage quotas

Syntax / Theory

When a server detects excessive requests from a client (identified by IP, token, or user), it responds with status code 429. The response may include a Retry-After header telling the client when it is safe to retry.

Code Example(s)

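// Express.js example showing rate limit handling
const express = require("express");
const app = express();

app.use((req, res, next) => {
  // Rejects every request unconditionally, to show the shape of a 429 response
  res.status(429).json({ message: "Too many requests, please try again later." });
});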

Live Output / Explanation

Server Response

The server immediately rejects further requests and returns a JSON response with HTTP status 429. Clients should pause and retry later.

Interactive Example / Visual Explanation

Imagine a counter that allows only 5 API requests per minute. Once the limit is exceeded, all further requests receive a 429 response until the timer resets.
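
The five-requests-per-minute counter described above, keyed per client as in the Syntax / Theory section, written out as an added example (it is not code from the original page). The names createRateLimiter, keyOf, check and sweep and the injectable now clock are illustrative assumptions; the middleware follows Express's (req, res, next) shape but needs no Express import to run.

```javascript
// Added example: fixed-window limiter, 5 requests per 60 s per client key.
// createRateLimiter, keyOf, check and sweep are illustrative names.
function createRateLimiter({ limit = 5, windowMs = 60000, now = Date.now,
                             keyOf = (req) => req.ip } = {}) {
  const windows = new Map(); // client key -> { start, count }

  // Count one request for `key` and report whether it is within the limit.
  function check(key) {
    const t = now();
    let w = windows.get(key);
    if (!w || t - w.start >= windowMs) {   // no window yet, or it has expired
      w = { start: t, count: 0 };
      windows.set(key, w);
    }
    if (w.count >= limit) {
      // Whole seconds until the window resets, for the Retry-After header.
      const retryAfter = Math.ceil((w.start + windowMs - t) / 1000);
      return { allowed: false, remaining: 0, retryAfter };
    }
    w.count += 1;
    return { allowed: true, remaining: limit - w.count, retryAfter: 0 };
  }

  // Middleware with Express's (req, res, next) signature.
  // Behind a reverse proxy, req.ip is the proxy's address unless Express's
  // "trust proxy" setting is configured, so all clients would share one key.
  function middleware(req, res, next) {
    const r = check(keyOf(req));
    if (r.allowed) return next();
    res.set("Retry-After", String(r.retryAfter));
    res.status(429).json({ message: "Too many requests, please try again later." });
  }

  // Drop expired windows so the map cannot grow without bound.
  function sweep() {
    const t = now();
    let removed = 0;
    for (const [key, w] of windows) {
      if (t - w.start >= windowMs) { windows.delete(key); removed += 1; }
    }
    return removed;
  }

  return { check, middleware, sweep };
}
```

In an Express app this plugs in as app.use(createRateLimiter().middleware), with sweep() called on a timer.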


Use Cases

  • Public REST APIs (GitHub, Twitter, OpenAI)
  • Login attempt protection
  • Preventing brute-force attacks
  • Controlling traffic spikes

✅ Tips & Best Practices

  • Implement client-side request throttling
  • Respect the Retry-After response header
  • Cache responses where possible
  • Use exponential backoff strategies

Try It Yourself

Create a small API with a rate limit of 3 requests per minute. Send 5 rapid requests and observe when the server starts responding with HTTP 429.