Handling 429 responses gracefully
5 min read Updated January 22, 2026
What Is a 429?
HTTP 429 (Too Many Requests) means you've exceeded your rate limit for the current time window. ComplianceGrid returns this status with a Retry-After header indicating how many seconds to wait.
Response Format
```json
{
  "error": "rate_limit_exceeded",
  "message": "Rate limit of 60 requests per minute exceeded",
  "retryAfter": 12
}
```
Implementing Exponential Backoff
The best strategy is exponential backoff with jitter:
```javascript
async function callWithBackoff(url, options, maxRetries = 3) {
  for (let attempt = 0; attempt < maxRetries; attempt++) {
    const res = await fetch(url, options);
    if (res.status !== 429) return res;

    // Prefer the server's Retry-After (seconds). A missing or non-numeric
    // value falls through to exponential backoff: 1s, 2s, 4s, ...
    const retryAfter = Number(res.headers.get('Retry-After'));
    const baseWait = retryAfter > 0
      ? retryAfter * 1000
      : Math.pow(2, attempt) * 1000;

    // Random jitter (0-500 ms) keeps clients from retrying in lockstep.
    const jitter = Math.random() * 500;
    await new Promise(r => setTimeout(r, baseWait + jitter));
  }
  throw new Error('Rate limit exceeded after max retries');
}
```
Proactive Rate Limiting
Don't wait for a 429 — monitor the X-RateLimit-Remaining header and throttle your requests before hitting zero. This gives you smoother throughput and avoids the delay of backoff cycles.
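One way to do this, as an added example rather than ComplianceGrid's own client code: a throttle that every caller in a process shares, so parallel workers draw on one budget. The class name `RemainingThrottle`, the `reserve` threshold and the fixed 60-second window are assumptions; the limit of 60 matches the sandbox figure in this article.

```javascript
// Added example: header-driven throttle shared by all callers in one process.
// Assumptions (not from the ComplianceGrid docs): fixed 60 s window and a
// "reserve" of remaining requests below which calls are paced.
class RemainingThrottle {
  constructor({ limit = 60, windowMs = 60_000, reserve = 5 } = {}) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.reserve = reserve;
    this.nextAllowedAt = 0;          // epoch ms before which nothing is sent
    this.queue = Promise.resolve();  // serialises callers onto one budget
  }

  // Update state from a response; `headers` only needs a get(name) method.
  // Returns the pause (ms) this response imposes on the next request.
  record(status, headers, now) {
    const remaining = parseInt(headers.get('X-RateLimit-Remaining'), 10);
    const retryAfter = Number(headers.get('Retry-After'));
    let wait = 0;
    if (status === 429 || remaining === 0) {
      // Budget spent: honour Retry-After, otherwise sit out a full window.
      wait = retryAfter > 0 ? retryAfter * 1000 : this.windowMs;
    } else if (Number.isInteger(remaining) && remaining <= this.reserve) {
      // Nearly spent: drop to the sustained rate (limit per window).
      wait = this.windowMs / this.limit;
    }
    this.nextAllowedAt = Math.max(this.nextAllowedAt, now + wait);
    return wait;
  }

  delayBefore(now) {
    return Math.max(0, this.nextAllowedAt - now);
  }

  // Wrapper around the global fetch; calls run one at a time through the queue.
  fetch(url, options) {
    const run = async () => {
      const delay = this.delayBefore(Date.now());
      if (delay > 0) await new Promise(r => setTimeout(r, delay));
      const res = await fetch(url, options);
      this.record(res.status, res.headers, Date.now());
      return res;
    };
    const result = this.queue.then(run);
    this.queue = result.catch(() => {}); // a failed call must not stall the queue
    return result;
  }
}
```

Create one instance per API key and route every request through its `fetch` method; separate processes still need a shared limit or a smaller per-process `limit`.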
Common Causes
- Tight loops without delays between requests
- Parallel requests from multiple threads or workers exceeding the shared limit
- Retry storms where a failed request triggers immediate retries across all clients
- Sandbox development — sandbox limits are 60 req/min (vs. 300+ in production)