Rate limits

Shoplazza API Rate Limits

To ensure our platform remains stable and fair for everyone, all Shoplazza APIs are rate-limited. Developers are encouraged to use industry-standard techniques for limiting calls, caching results, and retrying requests responsibly.

Compare Rate Limits by API

APIRate-limiting methodStandard limit
Admin API (REST)Request-based limit2 requests/second

The Token Bucket Algorithm

All Shoplazza APIs use a token bucket algorithm to manage requests. This algorithm lets your app make an unlimited amount of requests in infrequent bursts over time.
The main points to understand about the leaky bucket metaphor are as follows:

  • Each app has access to a “bucket” that can hold, for example, 60 “marbles”.
  • Every second, one marble is removed from the bucket, ensuring space is consistently available.
  • Each API request requires you to toss a marble in the bucket.
  • If the bucket gets full, you get an error and have to wait for room to become available in the bucket.

Rate Limiting Methods

Request-Based Limits
Apps can make a maximum number of requests per minute. For instance, you can make 40 API requests within 60 seconds, and each request is counted equally, regardless of the amount of data returned.
This method is used by the REST Admin API.

REST Admin API rate limits

The REST Admin API enforces rate limits based on two dimensions: app/store and store. This ensures that a call from one app does not impact the rate limit of another app, even within the same store. Similarly, a call to one store does not influence the rate limit of another store, regardless of whether the call originates from the same app.

Limits are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket. You can see the current state of the throttle for a store by using the rate limits header.
The bucket size and leak rate properties determine the API’s burst behavior and request rate.
The default Settings for the app/Store dimension are as follows:

  • Bucket size: 40 requests per app/store
  • Leak rate: 2 requests per second

The default Settings for the store dimension are as follows:

  • Bucket size: 80 requests per store
  • Leak rate: 20 requests per second

Rate Limits Header

You can check how many requests you’ve already made using the Shoplazza X-Shoplazza-Shop-Api-Call-Limit header that was sent in response to your API request. This header lists how many requests you’ve made for a particular store. For example:
X-Shoplazza-Shop-Api-Call-Limit: 32/40

  • 32: The current request count.
  • 40: The maximum bucket size.

As requests are made, the count decreases according to the leak rate. For instance, if the header initially displays 39/40, after waiting ten seconds, the header may display 19/40.

Retry-After header

When a request goes over a rate limit, a 429 Too Many Requests error and a Retry-After header are returned. T. This header specifies the number of seconds you must wait before resubmitting the request. Any requests made during this period will be throttled.

X-Shoplazza-Shop-Api-Call-Limit: 40/40
Retry-After: 2.0