Bird
Raised Fist0
Rest APIprogramming~20 mins

Rate limit error responses in Rest API - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Rate Limit Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
1:00remaining
What is the HTTP status code returned for a rate limit error?
When a REST API enforces rate limiting and a client exceeds the allowed number of requests, what HTTP status code should the server return?
A200 OK
B429 Too Many Requests
C500 Internal Server Error
D403 Forbidden
Attempts:
2 left
💡 Hint
Think about the standard HTTP status code specifically designed for rate limiting.
Predict Output
intermediate
1:00remaining
What header informs the client about when to retry after rate limiting?
Which HTTP response header tells the client how many seconds to wait before making another request after hitting a rate limit?
ARetry-After
BX-RateLimit-Reset
CContent-Type
DAuthorization
Attempts:
2 left
💡 Hint
This header is part of the HTTP standard and indicates wait time.
🧠 Conceptual
advanced
1:30remaining
Why is it important to include rate limit headers in error responses?
Why should a REST API include headers like Retry-After or X-RateLimit-Remaining in responses when rate limiting is applied?
ATo help clients understand when they can safely retry requests and avoid unnecessary failures
BTo increase server load by making clients send more requests
CTo hide the rate limit policy from clients
DTo make responses larger for better network utilization
Attempts:
2 left
💡 Hint
Think about how clients can behave better with more information.
Predict Output
advanced
1:30remaining
What is the typical JSON body content of a rate limit error response?
Given a REST API returns a 429 status code, which JSON response body best informs the client about the rate limit error?
A{"error": "Invalid API key"}
B{"message": "Success", "data": []}
C{"status": 200, "error": null}
D{"error": "Rate limit exceeded", "retry_after": 30}
Attempts:
2 left
💡 Hint
Look for a message about rate limiting and a retry time.
🔧 Debug
expert
2:00remaining
Identify the error in this rate limit middleware code snippet
This code snippet is intended to return a 429 error with a Retry-After header when the client exceeds the rate limit. What is the error?
Rest API
function rateLimit(req, res, next) {
  if (req.requests > 100) {
    res.status(429);
    res.set('Retry-After', '60');
    res.send({ error: 'Rate limit exceeded', retry_after: 60 });
    return;
  }
  next();
}
AThe status code 429 is incorrect for rate limiting
BThe Retry-After header value must be a date string, not a number
CThe middleware calls next() even after sending a response, causing headers to be sent twice
DThe error message should be sent as plain text, not JSON
Attempts:
2 left
💡 Hint
Think about what happens after res.send() is called in middleware.

Practice

(1/5)
1. What HTTP status code is commonly used to indicate a rate limit error in REST APIs?
easy
A. 404
B. 429
C. 500
D. 401

Solution

  1. Step 1: Understand HTTP status codes for errors

    HTTP status codes in the 400 range indicate client errors. Among them, 429 specifically means too many requests.

  2. Step 2: Identify the code for rate limiting

    The 429 status code is defined to signal that the user has sent too many requests in a given time.

  3. Final Answer:

    429 -> Option B

  4. Quick Check:

    Rate limit error = 429 [OK]
Hint: Remember 429 means too many requests, a rate limit error [OK]
Common Mistakes:
  • Confusing 429 with 404 (not found)
  • Using 500 which is server error
  • Choosing 401 which means unauthorized
2. Which HTTP header is used to tell the client when to retry after hitting a rate limit?
easy
A. Retry-After
B. Authorization
C. Content-Type
D. User-Agent

Solution

  1. Step 1: Identify headers related to retry timing

    The Retry-After header is designed to tell clients how long to wait before retrying a request.

  2. Step 2: Confirm the correct header for rate limit retry

    Other headers like Content-Type or Authorization do not indicate retry timing.

  3. Final Answer:

    Retry-After -> Option A

  4. Quick Check:

    Retry timing header = Retry-After [OK]
Hint: Retry-After header tells when to retry after rate limit [OK]
Common Mistakes:
  • Choosing Content-Type which describes data format
  • Confusing Authorization with retry info
  • Selecting User-Agent which identifies client software
3. What will the following HTTP response indicate? 
HTTP/1.1 429 Too Many Requests
Retry-After: 120
Content-Type: application/json

{"error": "Rate limit exceeded. Try again later."}
medium
A. The client should retry immediately
B. The client is unauthorized
C. The server encountered an internal error
D. The client sent too many requests and should wait 120 seconds before retrying

Solution

  1. Step 1: Analyze the status code and headers

    Status 429 means too many requests. The Retry-After header with value 120 means wait 120 seconds before retrying.

  2. Step 2: Interpret the JSON error message

    The message confirms the rate limit was exceeded and advises to try again later.

  3. Final Answer:

    The client sent too many requests and should wait 120 seconds before retrying -> Option D

  4. Quick Check:

    429 + Retry-After = wait before retry [OK]
Hint: 429 plus Retry-After means wait specified seconds before retry [OK]
Common Mistakes:
  • Thinking client can retry immediately
  • Confusing 429 with unauthorized error
  • Assuming server error from 429
4. A REST API returns this response when rate limit is exceeded: 
HTTP/1.1 429 Too Many Requests
Content-Type: application/json

{"error": "Too many requests"}
What is missing to improve client handling?
medium
A. A Retry-After header indicating when to retry
B. Changing status code to 500
C. Adding Authorization header
D. Removing the error message

Solution

  1. Step 1: Identify missing headers for rate limit response

    The response lacks the Retry-After header, which helps clients know when to retry.

  2. Step 2: Understand why Retry-After is important

    Without Retry-After, clients may retry too soon, causing more errors or confusion.

  3. Final Answer:

    A Retry-After header indicating when to retry -> Option A

  4. Quick Check:

    Retry-After header missing = add it [OK]
Hint: Add Retry-After header to guide client retry timing [OK]
Common Mistakes:
  • Changing status code to 500 which is wrong
  • Adding Authorization header unrelated to rate limit
  • Removing error message reduces clarity
5. You want to design a REST API rate limit error response that clearly informs clients about the wait time and reason. Which of the following is the best practice?
hard
A. Return status 200 with a JSON error field indicating rate limit
B. Return status 403 with a plain text message 'Rate limit exceeded'
C. Return status 429 with a Retry-After header and a JSON message explaining the limit
D. Return status 500 with a Retry-After header

Solution

  1. Step 1: Choose correct status code for rate limiting

    Status 429 is the standard code for rate limit errors, signaling client to slow down.

  2. Step 2: Include Retry-After header and clear message

    Retry-After header tells client how long to wait. JSON message improves clarity and user experience.

  3. Step 3: Evaluate other options

    403 is forbidden, not rate limit. 200 means success, which is misleading. 500 is server error, not client rate limit.

  4. Final Answer:

    Return status 429 with a Retry-After header and a JSON message explaining the limit -> Option C

  5. Quick Check:

    429 + Retry-After + clear message = best practice [OK]
Hint: Use 429 + Retry-After + clear JSON message for best rate limit response [OK]
Common Mistakes:
  • Using wrong status codes like 403 or 500
  • Returning 200 status for errors
  • Omitting Retry-After header