Are rate limits per IP or per API key?

It depends on the API. Most APIs rate limit per API key. Some also rate limit per IP as an additional layer. Check the API documentation for specific rate limit policies.

Can I get banned for hitting rate limits?

Repeatedly ignoring rate limits and continuing to send requests aggressively can result in temporary IP blocks or permanent API key revocation. Always respect 429 responses and Retry-After headers.

API Rate Limit 429 Too Many Requests — Handling Rate Limiting Headers

Warning4xx client error

Overview

Fix HTTP 429 Too Many Requests errors by implementing proper rate limit handling, reading rate limit headers, and using backoff strategies.

Key Details

HTTP 429 indicates the client has sent too many requests in a given time window
Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After) indicate quota status
The Retry-After header specifies how many seconds to wait before sending another request
Rate limits are typically per API key, per IP, or per user depending on the API provider
Aggressive retry without respecting rate limits can result in temporary or permanent API bans

Common Causes

Application sending requests faster than the API's rate limit allows
Multiple application instances sharing the same API key and collectively exceeding limits
Retry logic without backoff creating a thundering herd effect
Batch processing or data migration scripts not implementing request throttling

Steps

1Read rate limit response headers to understand your current quota: X-RateLimit-Remaining and X-RateLimit-Reset
2Implement exponential backoff with jitter when receiving 429 responses
3Honor the Retry-After header value — wait at least that many seconds before retrying
4Use request queuing or token bucket algorithm to spread requests evenly across the rate window
5Consider upgrading your API plan or requesting a rate limit increase for legitimate high-volume use cases

Related Items

http-jwt-token-expired-error

More in 4xx Client Error

http-400-bad-requestHTTP 400 Bad Request — What It Means & How to Fix It

Error

http-401-unauthorizedHTTP 401 Unauthorized — What It Means & How to Fix It

Error

http-402-payment-requiredHTTP 402 Payment Required — What It Means & How to Fix It

Error

http-403-forbiddenHTTP 403 Forbidden — What It Means & How to Fix It

Error

http-404-not-foundHTTP 404 Not Found — What It Means & How to Fix It

Error

http-405-method-not-allowedHTTP 405 Method Not Allowed — What It Means & How to Fix It

Error

Frequently Asked Questions

Wait 1s, then 2s, then 4s, then 8s, etc. (exponential) plus a random delay (jitter) to prevent multiple clients from retrying at the exact same time, which would cause another rate limit spike.

API Rate Limit 429 Too Many Requests — Handling Rate Limiting Headers

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in 4xx Client Error

Frequently Asked Questions