Cloudflare’s API now incorporates new rate limiting headers, following the pattern outlined in the IETF draft on rate limiting. This enhancement allows API users to determine the number of remaining calls before reaching a rate limit and the duration until additional capacity becomes available.
The latest Cloudflare SDKs are designed to automatically utilize these new headers, implementing backoffs when rate limits are approached. Users of these SDKs do not need to take any specific action to benefit from this feature.
For assistance with rate limits, users can contact Cloudflare Support.
New Headers
Headers consistently returned:
- Ratelimit: Provides a list of service limit items, detailing the limit name, remaining quota (r), and the time the next window resets (t). For example: “default”;r=50;t=30
- Ratelimit-Policy: Offers a list of quota policy items, including the policy name, total quota (q), and the time window the quota applies to (w). For example: “burst”;q=100;w=60
Returned exclusively when a rate limit is met (error code: 429):
- Retry-After: Indicates the number of seconds until more capacity is available, rounded up.
SDK Backoffs
- All current Cloudflare SDKs will automatically respond to these headers, initiating a backoff mechanism when limits are neared.
GraphQL and Edge APIs
These new headers and automatic backoffs are exclusively available for Cloudflare REST APIs and do not apply to GraphQL.
