# Throttling and rate limiting

The API throttles incoming requests to prevent abuse and ensure fair use.

When an application exceeds the rate limit, the API will return a standard HTTP `429 Too Many Requests` response.

### How to handle being throttled

The specific details of rate limit policies in effect may vary without notice. Application developers should implement detection and handling of rate-limiting behavior using `X-Ratelimit-*` headers described below.

When a request from your application receives a `429 Too many Requests` response, you can check the returned HTTP headers to see your current rate limit status:


```
X-RateLimit-Limit:120
X-RateLimit-Remaining:0
X-RateLimit-Reset:1482966442
```

The `X-RateLimit-Reset` provides the time at which the current rate limit window resets in UTC epoch seconds.


```
// pseudo-code

MAX_RETRIES = 25

retry_count = 0

while(running == true) {
  response = get_api_response(request_params)

  // if the server throttled the request, re-try until a valid
  // response is received or a maximum number of re-try attempts
  // have been reached
  //
  while(response.status == 429 && retry_count < MAX_RETRIES) {
    // extract the Time in X-RateLimit-Reset
    x_rate_limit_reset_time = get_x_rate_limit_reset(response)

    // wait until the rate limit time window has been reset
    wait_until(x_rate_limit_reset_time)

    // retry the call
    response = get_api_response(request_params)

    retry_count += 1
  }

  handle_response(response)

  retry_count = 0
}
```