Error 429
The 429 Too Many Requests status code indicates that the client has sent too many requests in a specified amount of time, as determined by the server's rate-limiting rules. The server may include a Retry-After header in the response to specify when the client can try again.
For more details, refer to RFC 6585 ↗.
Servers use this status code to prevent excessive API requests from overloading the system. For example, a client making repeated API calls within a short time frame may trigger a 429 response. Websites or services may impose rate limits to manage traffic spikes or prevent abuse, temporarily blocking excessive requests from users.
- Cloudflare API limits
| Type | Limit |
|---|---|
| Client API per user | 1200/5 minutes |
| Client API per IP | 200/second |
| GraphQL | Varies by query cost. Max 320/5 min |
| User API token quota | 50 |
| Account API token quota | 500 |
Some specific API calls have their own limits and are documented separately, such as the following:
- Cache Purge APIs
- GraphQL APIs: 300 GraphQL queries over 5-minute window
- Rulesets APIs
- Lists API: 10,000 list changes in five minutes
- Gateway Lists API: 60 list updates per minute
Enterprise customers can also contact Cloudflare Support to raise the Client API per user, GraphQL, or API token limits to a higher value.
- Website end users
Cloudflare will generate a 429 response when a request is being rate limited ↗. If visitors to your site encounter this error, it will be visible in the Rate Limiting Analytics dashboard.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark