All about Shopify API: access configuration, number of requests

All about Shopify API

The concept of API in eCommerce systems is a very important case. Thanks to such interfaces, various external systems can communicate with each other. In a world where the ecosystem of an eCommerce store is not limited to the point of sale itself, it is worth looking at how such an API works.


What is an API?

To begin with, it is worth knowing what the abbreviation API stands for. API (Application Programming Interface) is an application programming interface, which allows the exchange of data between applications and services. The interface has its own set of rules, which allows correct communication. In practice, API-based applications act as an intermediary between two systems. It allows the rapid transfer of information without the need to switch between applications. An example application of such communication in the world of eCommerce is the management of products in a store based on product information management systems like PIM Akeneo or Pimcore. With such integrations, products in the store can have a more advanced set of information, which will enable potential customers to build a better experience when using our store.


Shopify’s API solutions

The Shopify online store provides a number of API solutions that allow you to manage your store on many levels. The Shopify API allows users to manipulate product data, manage discount codes or store customers, and more. These are just some of the possibilities that this API presents. The following article will show, among other things, how to configure access to the Shopify API, what types of APIs Shopify provides, and how API requests are limited.


Configuring Shopify API access

In order for communication with the store via the API to be secure, every request must be authenticated. The lack of such security could make it easy for third parties to manipulate data in the store. Shopify, whenever it communicates through its API, requires the request to be authenticated with tokens.


To generate such a token, an authorized Shopify application is needed, which, depending on its needs, may have a different set of permissions to modify or view specific resources in the store. The authentication and authorization methods used by the application will vary depending on the tool used to create it:


  • All applications created using the Shopify CLI or via a partner’s dashboard use the OAuth protocol.
  • If the app is embedded in the Shopify dashboard using App Bridge, it will use session tokens.
  • Apps created in the Shopify dashboard use access tokens generated in the Shopify dashboard.
Configuring Shopify API access

Types of APIs in Shopify

Shopify is not limited to just one type of API, it provides several, including:


  • Admin API – available through REST or GraphQL. Allows you to manage information about products, customers, orders, inventories, shipping informations and much more. 
  • Storefront API – offers, among other things, the ability to browse products and collections in the store. In addition, it allows you to manipulate products in the shopping cart and partial checkout management. 
  • Partner API – gives access to the data found in the Partner Dashboard to automate front and back office operations. 
  • Payments Apps API – gives you access to your payment application configuration data. Additionally, it allows you to fully manage the payment process and refunds. 
  • Marketplaces API – offers the ability to run requests and actions for all stores in the marketplace. 
  • Messaging API – allows you to send messages to the Shopify Inbox application, which allows sellers to centralize their business conversations via messaging apps or SMS. 


The Shopify templates are built using the Liquid framework, where Shopify also provides additional APIs to control their look and style:


  • Section Rendering API – allows you to dynamically load entire sections without reloading the entire page 
  • Ajax API – can only be used on themes created by Shopify. This interface allows you to modify the contents of the shopping cart, or also display suggested products, without the shopper having to refresh the page.


The Shopify API documentation itself is very extensive, and you can find all the information you need about the request that you are interested in. This makes working with Shopify API fun and rewarding.


Shopify API Versioning

API versioning allows for continuous development of the Shopify platform, offering developers a predictable path to update or retire specific functionality. Shopify releases a new stable version of the API every 3 months at the beginning of the quarter. Version naming is based on its release date, for example, the latest version of API 2022-07 was released on 01.07.2022.


Each stable version is supported for 12 months, giving you nine months to test and migrate your application to a newer API version before the current API version is removed. However, when a request uses a no longer supported API version, Shopify will respond according to the oldest currently supported version. It is recommended to continuously update the API version to the latest one, in order to maintain continuous communication between the application and Shopify.


However, not all API libraries are versioned; these include: Ajax API and Analytics API.


Below is a graphical representation of the annual support schedule for each API version:

Requests Limits in Shopify

To ensure the stability of the platform, Shopify has introduced certain limits for all types of APIs. All interfaces use the “Leaky Bucket” algorithm (methods for temporarily storing a variable number of requests and organizing them as fixed-rate output packets over a network in asynchronous transfer mode (ATM). This method is used to implement traffic supervision and traffic shaping in Ethernet and cellular networks). Depending on the API type, the restriction methods are different.


In Admin API, depending on the paradigm used, limits are defined differently:


  • REST – the limitation is to a maximum of 2 requests per second. Where the maximum number of requests that can be made in a minute is 40
  • GraphQL – the limitation occurs based on the cost of the request measured in points. Each field returned by the request has a certain number of points. The more complex the request, its execution will cost more. The limit for this type of API is 50 points per second where the maximum request cost per minute can not be more than 1000. This limit will renew at the rate of 50 points per second.


For Storefront API, the limit does not apply to the number of requests but only to their processing time. In addition, the limit does not apply to the store identifier but to the IP address of the request. The limit is 60 seconds of request time per minute.


Payments Apps API uses GraphQL so the limit applies to the request cost measured in points. The limit for this type of API is 910 points per second.


It is worth adding that for Shopify Plus subscriptions all the above limits are doubled.



APIs in eCommerce platforms play a very important role, allowing communication with many external systems, which nowadays are an indispensable part of a store’s ecosystem. Thanks to the many types of APIs that Shopify provides, it is possible to influence the store on many levels. The API restriction rules that Shopify offers make communication secure and stable. This translates into more and more interest in the Shopify platform from third-party companies offering their unique solutions to assist the merchant.


If you are interested in any solution or integration with your store, please contact us for sure we will help.


You can find more information in the Shopify API documentation:

Jakub Szubart
Associated with the IT industry since 2019. PHP developer using frameworks such as Symfony and Laravel. Currently a member of the backend team at Brand Active. On a daily basis, he develops applications that extend the functionality of the Shopify platform. Additionally, he is involved in the implementation, maintenance and integration PIM Akeneo platform.

Recommended news

Porozmawiaj z nami
Czat udostępnia CRM