Aarunya Apps
429
Too Many Requests
Client Error

HTTP 429 Too Many Requests — Rate Limiting, Retry-After & Fix

The client has sent too many requests in a given amount of time (rate limiting). The response should include a Retry-After header indicating how long to wait before making a new request.

When to Return 429

Return 429 when a client exceeds your rate limit. Always include Retry-After (seconds until reset) and optionally X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.

Common Causes

  • API rate limit exceeded (requests per minute/hour)
  • Too many login attempts (brute force protection)
  • Excessive webhook retries
  • Scraper hitting too frequently

HTTP Response Example

HTTP/1.1 429 Too Many Requests
Retry-After: 60
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1700000060

{"error": "Too Many Requests", "retryAfter": 60}
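
The header values in the response above can be derived from limiter state instead of being hard-coded. The following is an added example, not code from the original page: a minimal in-memory fixed-window counter that returns the status and headers for each request, with Retry-After computed as the seconds left in the current window. FixedWindowLimiter, its options and demo429 are hypothetical names, and the timestamps are constructed.

```javascript
// Added example: fixed-window limiter that derives the 429 headers from its state.
// FixedWindowLimiter, check, sweep and demo429 are hypothetical names.
class FixedWindowLimiter {
  constructor({ limit = 100, windowMs = 60_000, sweepAt = 10_000 } = {}) {
    this.limit = limit
    this.windowMs = windowMs
    this.sweepAt = sweepAt // map size at which expired windows are swept out
    this.windows = new Map() // key -> { count, resetAt (epoch ms) }
  }

  // Returns { status, headers } for one request from `key` at time `nowMs`.
  check(key, nowMs = Date.now()) {
    let w = this.windows.get(key)
    if (!w || nowMs >= w.resetAt) {
      if (!w && this.windows.size >= this.sweepAt) this.sweep(nowMs)
      w = { count: 0, resetAt: nowMs + this.windowMs }
      this.windows.set(key, w)
    }
    w.count += 1
    const allowed = w.count <= this.limit
    const headers = {
      'X-RateLimit-Limit': String(this.limit),
      'X-RateLimit-Remaining': String(Math.max(0, this.limit - w.count)),
      'X-RateLimit-Reset': String(Math.ceil(w.resetAt / 1000)), // epoch seconds
    }
    if (!allowed) {
      // Seconds left in the window, never below 1 so clients do not retry at once.
      headers['Retry-After'] = String(Math.max(1, Math.ceil((w.resetAt - nowMs) / 1000)))
    }
    return { status: allowed ? 200 : 429, headers }
  }

  sweep(nowMs) {
    for (const [k, w] of this.windows) if (nowMs >= w.resetAt) this.windows.delete(k)
  }
}

// Constructed timeline: 100 allowed requests, then the 101st in the same window.
function demo429() {
  const limiter = new FixedWindowLimiter({ limit: 100, windowMs: 60_000 })
  const start = 1_700_000_000_000 // constructed epoch ms
  for (let i = 0; i < 100; i++) limiter.check('client-a', start)
  return limiter.check('client-a', start) // status 429, Retry-After 60, Reset 1700000060
}
console.log(demo429())
```

The counter is per process, so a multi-instance deployment needs a shared store such as the Redis-backed limiter in the Next.js example.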

Code Examples

Express.js
import express from 'express'
import rateLimit from 'express-rate-limit'

const app = express()

const limiter = rateLimit({
  windowMs: 60_000, // 1 minute
  max: 100, // requests allowed per window per client
  standardHeaders: true, // send the draft-standard RateLimit-* headers
  legacyHeaders: false, // do not send the legacy X-RateLimit-* headers
  handler: (req, res) => {
    res.status(429).json({
      error: 'Too Many Requests',
      message: 'Rate limit exceeded. Try again in 60 seconds.',
      retryAfter: 60,
    })
  },
})

app.use('/api', limiter)

Next.js App Router
// middleware.ts — using Upstash Rate Limit (edge-compatible)
import { NextRequest, NextResponse } from 'next/server'
import { Ratelimit } from '@upstash/ratelimit'
import { Redis } from '@upstash/redis'

const ratelimit = new Ratelimit({
  redis: Redis.fromEnv(),
  limiter: Ratelimit.slidingWindow(100, '1 m'), // 100 requests per minute
})

export async function middleware(request: NextRequest) {
  // Requests with no resolved IP all share the single 'anon' bucket.
  const { success, reset } = await ratelimit.limit(request.ip ?? 'anon')
  if (!success) {
    // reset is a Unix timestamp in milliseconds; Retry-After is in seconds.
    return new NextResponse(
      JSON.stringify({ error: 'Too Many Requests' }),
      { status: 429, headers: { 'Content-Type': 'application/json', 'Retry-After': String(Math.ceil((reset - Date.now()) / 1000)) } }
    )
  }
}
