I got into a discussion this past week with one of my colleagues about rate limiting or throttling for APIs. In particular, how we might handle a user going beyond their limit and how we would inform them of what the threshold values are so they can continue calling later on. Neither of us came to an agreement – he took the 503 route and I took the 429 route.

As a side effect though, we took a look at some various companies out there, and found only a couple of HTTP response codes and headers, which all at least follow the same model, with only moderately different header names. For the most part, they all seemed to have these exact headers, or variations of them with slightly different names.Continue reading