Delegate access tokens

Delegate access tokens are the recommended way for custom apps to make requests from private or authenticated contexts, like a server.

If you create a custom storefront with the Headless channel, Shopify creates public and private access tokens for you.

With public access, your requests are throttled by the IP that the request is from. With authenticated access, your requests are throttled at the shop level and optionally by a forwarded IP. This is advantageous because your server needs a much larger capacity for making requests for many buyers. The app throttle scales with the Shopify platform and isn't fixed. Under high load, such as for flash sales, both the platform and the throttle scale to support more requests.

This guide familiarizes you with delegate access tokens.