Which HTTP Status Code to Use for Rate Limiting?

You can use the 429 Too Many Requests HTTP status code (RFC 6585) which is meant for rate limiting — i.e. to indicate that the client has exceeded the number of requests allowed in a given amount of time.

You can also, optionally, send the Retry-After header in the response to tell the client how long to wait (as a number of seconds or as an HTTP-date) before making a new request.

For example:

HTTP/1.1 429 Too Many Requests
Content-Type: text/html
Retry-After: 3600
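
As an added example (not code from the original post), the Python sketch below shows a fixed-window limiter that produces the 429 response with a Retry-After delay, plus a client-side helper that reads both Retry-After forms. The names FixedWindowLimiter, check and retry_after_seconds, and the sample policy of 2 requests per hour, are assumptions made for illustration.

```python
import math
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


class FixedWindowLimiter:
    """Allow at most `limit` requests per client in each `window`-second window."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.counters = {}  # client id -> (window start time, request count)

    def check(self, client, now):
        """Return (status, headers) for a request from `client` at time `now` (seconds)."""
        start, count = self.counters.get(client, (now, 0))
        if now - start >= self.window:  # previous window is over: start a new one
            start, count = now, 0
        if count >= self.limit:
            # Round up so a client that honours the header never retries too early.
            wait = math.ceil(start + self.window - now)
            return 429, {"Retry-After": str(wait)}
        self.counters[client] = (start, count + 1)
        return 200, {}


def retry_after_seconds(value, now):
    """Client side: convert a Retry-After value to seconds to wait, or None if invalid."""
    value = value.strip()
    if value.isascii() and value.isdigit():  # delay-seconds form, e.g. "3600"
        return int(value)
    try:  # HTTP-date form, e.g. "Wed, 21 Oct 2015 07:28:00 GMT"
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0, math.ceil((when - now).total_seconds()))


if __name__ == "__main__":
    limiter = FixedWindowLimiter(limit=2, window=3600)  # constructed sample policy
    for t in (0, 10, 20, 3600):
        print(t, limiter.check("client-a", t))
    now = datetime(2015, 10, 21, 7, 27, 0, tzinfo=timezone.utc)  # constructed clock
    print(retry_after_seconds("Wed, 21 Oct 2015 07:28:00 GMT", now))
```

Rejected requests are not counted against the window here, so a client that keeps retrying does not extend its own wait.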

This post was published by Daniyal Hamid. Daniyal currently works as the Head of Engineering in Germany and has 20+ years of experience in software engineering, design and marketing.