REST Admin API rate limits

About REST Admin API rate limits

The ShopBase REST Admin API applies rate limits to the API requests that it receives. Every request is subject to throttling under the general limits.

Limits are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket. You can see the current state of the throttle for a shop by using the rate limits header.

General API rate limits

The rate limits are designed to allow your app to make unlimited requests at a steady rate over time while also having the capacity to make infrequent bursts. The rate limits use a leaky bucket algorithm. The bucket size and leak rate properties determine the API's burst behavior and request rate.

The default settings are as follows:

  • Bucket size: 30

  • Leak rate: 2/second

If the bucket size is exceeded, then an HTTP 429 Too Many Requests error is returned. The bucket empties at a leak rate of two requests per second. To avoid being throttled, you can build your app to average two requests per second. The throttle is a pass or fail operation. If there is available capacity in your bucket, then the request is executed without queueing or processing delays. Otherwise, the request is throttled.

There is an additional rate limit for GET requests. When the value of the page parameter results in an offset of over 100,000 of the requested resource, a 429 Too Many Requests error is returned. For example, a request to GET /admin/collects.json?limit=250&page=401 would generate an offset of 100,250 (250 x 401 = 100,250) and return a 429 response.

Rate limits header

You can check how many requests you've already made using the ShopBase X-Sb-Shop-Api-Call-Limit header that was sent in response to your API request. This header lists how many requests you've made for a particular shop. For example:

X-Sb-Shop-Api-Call-Limit: 22/30

In this example, 22 is the current request count and 30 is the bucket size. The request count decreases according to the leak rate over time. For example, if the header displays 29/30 requests, then after a wait period of ten seconds, the header displays 9/30 requests.