Error 429
The 429 Too Many Requests status code indicates that the client has sent too many requests in a specified amount of time, as determined by the server's rate-limiting rules. The server may include a Retry-After header in the response to specify when the client can try again.
For more details, refer to RFC 6585 ↗.
Servers use this status code to prevent excessive API requests from overloading the system. For example, a client making repeated API calls within a short time frame may trigger a 429 response. Websites or services may impose rate limits to manage traffic spikes or prevent abuse, temporarily blocking excessive requests from users.
| Type | Limit |
|---|---|
| Client API per user/account token | 1200/5 minutes |
| Client API per IP | 200/second |
| GraphQL | Varies by query cost. Max 320/5 min |
| User API token quota | 50 |
| Account API token quota | 500 |
Some specific API calls have their own limits and are documented separately, such as the following:
Enterprise customers can also contact Cloudflare Support to raise the Client API per user, GraphQL, or API token limits to a higher value.
Cloudflare applies rate limiting to requests for R2 managed public buckets accessed via r2.dev. This helps protect customers from abuse and overuse of public buckets. For details, refer to Rate limiting on managed public buckets through r2.dev.
Cloudflare will generate a 429 response when a request is being rate limited ↗. If visitors to your site encounter this error, it will be visible in the Rate Limiting Analytics dashboard.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark