Shopify API rate limits

To ensure our platform remains stable and fair for everyone, all Shopify APIs are rate-limited. We use a variety of strategies to enforce rate limits. We ask developers to use industry standard techniques for limiting calls, caching results, and re-trying requests responsibly.

Compare rate limits by API

Shopify APIs use several different rate-limiting methods. They’re described in more detail below, but these are the key figures in brief:

API Rate-limiting method Standard limit Shopify Plus limit
Admin API (GraphQL) Calculated query cost 50 points/second 100 points/second
Admin API (REST) Request-based limit 2 requests/second 4 requests/second
Storefront API Time-based limit minimum 0.5s per request, 60s per user IP minimum 0.5s per request, 120s per user IP
Payments Apps API (GraphQL) Calculated query cost 910 points/second 1820 points/second

The leaky bucket algorithm

All Shopify APIs use a leaky bucket algorithm to manage requests. This algorithm lets your app make an unlimited amount of requests in infrequent bursts over time.

The main points to understand about the leaky bucket metaphor are as follows:

  • Each app has access to a bucket. It can hold, say, 60 “marbles”.
  • Each second, a marble is removed from the bucket (if there are any). That way there’s always more room.
  • Each API request requires you to toss a marble in the bucket.
  • If the bucket gets full, you get an error and have to wait for room to become available in the bucket.

This model ensures that apps that manage API calls responsibly will always have room in their buckets to make a burst of requests if needed. For example, if you average 20 requests (“marbles”) per second but suddenly need to make 30 requests all at once, you can still do so without hitting your rate limit.

The basic principles of the leaky bucket algorithm apply to all our rate limits, regardless of the specific methods used to apply them.

Rate limiting methods

Shopify uses three different methods for managing rate limits. Different APIs use different methods depending on use case, so make sure you understand the various types of rate limits your apps will encounter:

Request-based limits

Apps can make a maximum number of requests per minute. For example: 40 API requests within 60 seconds. Each request counts equally, regardless of how much or how little data is returned.

This method is used by the REST Admin API.

Time-based limits

Apps can make requests that take a maximum amount of time per minute. For example: 120 requests within 60 seconds, with each request taking 0.5 seconds to return. More complex requests take longer, and therefore take up a proportionally larger share of the limit.

This method is used by the Storefront API.

Calculated query costs

Apps can make requests that cost a maximum number of points per minute. For example: 1000 points within 60 seconds. More complex requests cost more points, and therefore take up a proportionally larger share of the limit.

This method is used by the GraphQL API

GraphQL Admin API rate