HTTP 429 Too Many Requests
Overview
The HTTP ~429 Too Many Requests~ status code indicates that the client has sent too many requests to the server within a specified time frame. This response is used to mitigate the risk of server overload and ensure fair usage.
Purpose
The HTTP 429 response is used to inform the client that they have exceeded the rate limits imposed by the server, and they should refrain from sending additional requests until the specified time has elapsed.
Usage
Client Behavior:
- Send Requests: The client sends multiple requests to the server.
- Receive 429 Response: Once the rate limit is exceeded, the client receives an HTTP 429 status code.
- Wait and Retry: The client waits for the specified time duration and retries the request.
Server Behavior:
- Detect Rate Exceedance: The server detects that the client has exceeded the allowed rate limits.
- Send 429 Response: The server responds with an ~HTTP/1.1 429 Too Many Requests~ status code.
- Include Retry-After Header: Optionally, the server includes a Retry-After header indicating when the client can retry.
Scenarios
- Rate Limit Exceeded: Used when a client surpasses the allowed number of requests within a specific time frame.
Sequence Diagram
Illustrating the process for an HTTP 429 response:
sequenceDiagram
    participant Client
    participant Server as Web Server
    Note over Client: Step 1: Client sends multiple requests
    Client->>Server: HTTP Requests (Step 1)
    Note over Server: Step 2: Server detects rate exceedance
    Server->>Client: HTTP/1.1 429 Too Many Requests (Step 2)
    Server->>Client: Retry-After: 60 (optional) (Step 3)
Curl Request and Response Example
Sending requests that exceed the rate limit using Curl:
curl -i http://example.com/resource
# Expected response: HTTP/1.1 429 Too Many Requests
# Retry-After: 60 (optional)
PHP cURL Request and Response Example
PHP script using cURL to handle a 429 Too Many Requests response:
<?php
$ch = curl_init('http://example.com/resource');
// Return the body from curl_exec() instead of printing it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 429) {
    // 0 if the response carried no valid Retry-After header
    $retryAfter = curl_getinfo($ch, CURLINFO_RETRY_AFTER);
    echo "Too Many Requests. Retry after: $retryAfter seconds";
}
curl_close($ch);
?>
Python Request and Response Example
Python script to handle a 429 Too Many Requests response:
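import requests

# A timeout keeps the client from hanging on an unresponsive server
response = requests.get('http://example.com/resource', timeout=10)
if response.status_code == 429:
    # None if the header is absent; the value may also be an HTTP-date
    retry_after = response.headers.get('Retry-After')
    print(f"Too Many Requests. Retry after: {retry_after} seconds")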
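The "Wait and Retry" step depends on reading Retry-After correctly: the header may hold a number of seconds or an HTTP-date, and it may be missing or malformed. The following is an added example, not code from the original page; the names `parse_retry_after` and `retry_delay` and the 300-second `MAX_WAIT` ceiling are assumptions chosen for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_WAIT = 300.0  # assumed ceiling (seconds) so a bad header cannot stall the client


def parse_retry_after(value, now=None):
    """Return seconds to wait, or None if the header is absent or malformed."""
    if value is None:
        return None
    value = value.strip()
    if value.isascii() and value.isdigit():  # delay-seconds form, e.g. "60"
        return float(value)
    try:
        when = parsedate_to_datetime(value)  # HTTP-date form
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:  # treat a zone-less date as UTC
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return max(0.0, (when - now).total_seconds())  # a past date means "retry now"


def retry_delay(status, headers, attempt, base=1.0, now=None):
    """Delay before the next attempt, or None when the response is not a 429."""
    if status != 429:
        return None
    hinted = parse_retry_after(headers.get("Retry-After"), now)
    if hinted is None:
        hinted = base * (2 ** attempt)  # no usable hint: exponential backoff
    return min(hinted, MAX_WAIT)  # never wait longer than the ceiling


if __name__ == "__main__":
    # Constructed sample responses: (status, headers, attempt number)
    samples = [
        (429, {"Retry-After": "60"}, 0),
        (429, {"Retry-After": "86400"}, 0),  # clamped to MAX_WAIT
        (429, {}, 3),                        # falls back to backoff
        (200, {}, 0),
    ]
    for status, headers, attempt in samples:
        print(status, headers, "->", retry_delay(status, headers, attempt))
```

With the `requests` library, `response.status_code` and `response.headers` can be passed to `retry_delay` directly.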
Apache Configuration for HTTP 429 Too Many Requests
Configuring Apache to enforce rate limits and return 429 responses:
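<VirtualHost *:80>
    ServerName example.com
    <Location "/resource">
        # Additional configuration to enforce rate limits
        # ...
        # The directives below only shape the 429 response; the rate-limit
        # configuration above is what triggers it.
        # Add Retry-After to 429 responses only, not to every response
        Header always set Retry-After "60" "expr=%{REQUEST_STATUS} == 429"
        # Body text sent with a 429 response
        ErrorDocument 429 "HTTP/1.1 429 Too Many Requests"
    </Location>
</VirtualHost>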
NGINX Configuration for HTTP 429 Too Many Requests
Setting up NGINX to enforce rate limits and return 429 responses:
server {
    listen 80;
    server_name example.com;
    location /resource {
        # Additional configuration to enforce rate limits
        # ...
        # Return 429 Too Many Requests with optional Retry-After header.
        # "always" is required: without it, add_header applies only to a
        # fixed set of 2xx/3xx responses and is skipped for 429.
        add_header Retry-After "60" always;
        return 429 "HTTP/1.1 429 Too Many Requests";
    }
}