Shopify API rate limits
To ensure our platform remains stable and fair for everyone, all Shopify APIs are rate-limited. We use a variety of strategies to enforce rate limits. We ask developers to use industry standard techniques for limiting calls, caching results, and re-trying requests responsibly.
Compare rate limits by API
Shopify APIs use several different rate-limiting methods. They’re described in more detail below, but these are the key figures in brief:
|API||Rate-limiting method||Standard limit||Shopify Plus limit|
|Admin API (GraphQL)||Calculated query cost||50 points/second||100 points/second|
|Admin API (REST)||Request-based limit||2 requests/second||4 requests/second|
|Storefront API||Time-based limit||minimum 0.5s per request, 60s per user IP||minimum 0.5s per request, 120s per user IP|
|Payments Apps API (GraphQL)||Calculated query cost||910 points/second||1820 points/second|
The leaky bucket algorithm
All Shopify APIs use a leaky bucket algorithm to manage requests. This algorithm lets your app make an unlimited amount of requests in infrequent bursts over time.
The main points to understand about the leaky bucket metaphor are as follows:
- Each app has access to a bucket. It can hold, say, 60 “marbles”.
- Each second, a marble is removed from the bucket (if there are any). That way there’s always more room.
- Each API request requires you to toss a marble in the bucket.
- If the bucket gets full, you get an error and have to wait for room to become available in the bucket.
This model ensures that apps that manage API calls responsibly will always have room in their buckets to make a burst of requests if needed. For example, if you average 20 requests (“marbles”) per second but suddenly need to make 30 requests all at once, you can still do so without hitting your rate limit.
The basic principles of the leaky bucket algorithm apply to all our rate limits, regardless of the specific methods used to apply them.
Rate limiting methods
Shopify uses three different methods for managing rate limits. Different APIs use different methods depending on use case, so make sure you understand the various types of rate limits your apps will encounter:
Apps can make a maximum number of requests per minute. For example: 40 API requests within 60 seconds. Each request counts equally, regardless of how much or how little data is returned.
This method is used by the REST Admin API.
Apps can make requests that take a maximum amount of time per minute. For example: 120 requests within 60 seconds, with each request taking 0.5 seconds to return. More complex requests take longer, and therefore take up a proportionally larger share of the limit.
This method is used by the Storefront API.
Calculated query costs
Apps can make requests that cost a maximum number of points per minute. For example: 1000 points within 60 seconds. More complex requests cost more points, and therefore take up a proportionally larger share of the limit.
This method is used by the GraphQL API