During the rate limits demo Eystein Maloy Stenberg requested a change of the server response code when a rate limit is applied.
When a client exceeds its rate limit, nginx returns 503 (Service Temporarily Unavailable), which is the default value.
We were aware of this (https://tracker.mender.io/browse/MEN-1718?focusedCommentId=86126&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-86126) and 503 is a part of the RFC (not an extension):
The 503 (Service Unavailable) status code indicates that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay.
There is a standard extension with 429:
and 429 was created to be used with this particular (rate limits) case:
The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").
The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request.
and a lot of APIs return 403 (Forbidden)! And Twitter has been using 420 (https://httpstatusdogs.com/420-enhance-your-calm)
Gregorio Di Stefano's proposal was to use 429, and this looks like the best option to me too.
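
An nginx configuration that makes the change discussed above, added here as an example and not taken from the ticket or the project's own configuration: limit_req_status replaces the default 503 with 429, and an error_page handler attaches the Retry-After header that the 429 definition allows. The zone name, rate, burst, paths, upstream address and Retry-After value are all assumptions.

```nginx
# Added example (constructed): zone name, rate, burst, paths and the
# upstream address are assumptions, not values from the ticket.
events {}

http {
    # Per-client-address request budget: 10 MB of shared state, 10 req/s each.
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;

    # Before: with no limit_req_status set, rejected requests get 503,
    # which clients and monitoring cannot tell apart from a real outage.
    # After: rejected requests get 429 (Too Many Requests).
    limit_req_status 429;

    # Log rejections at "warn" so they stand out from genuine errors.
    limit_req_log_level warn;

    upstream api_backend {
        server 127.0.0.1:8080;
    }

    server {
        listen 80;

        location /api/ {
            # Allow short bursts of 20 requests, reject the excess immediately.
            limit_req zone=api_limit burst=20 nodelay;
            proxy_pass http://api_backend;
        }

        # Route nginx-generated 429 responses through a handler that
        # adds Retry-After and a short explanation of the condition.
        error_page 429 @rate_limited;

        location @rate_limited {
            default_type application/json;
            # "always" is required for the header to appear on non-2xx
            # responses. The 1 second value is an assumption.
            add_header Retry-After 1 always;
            return 429 '{"error":"rate limit exceeded"}';
        }
    }
}
```

With this in place, rate-limited requests appear in the access log as 429, so a spike in 503 can again be treated as a backend availability problem rather than throttling.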