Skip to main content

Current rate limit

Storefront API requests are limited to 200 requests per 10 minutes per IP. Use response headers to monitor limits:
  • X-RateLimit-Remaining
  • X-RateLimit-Reset
  • X-RateLimit-Limit
When limits are exceeded, requests return 429 and may include Retry-After.

What to retry

Retry only transient failures:
  • 429 (rate limit)
  • 500
  • 502
  • 503
Avoid blind retries on validation/auth errors (400, 401, 403, 404, 422).

Backoff strategy

Use exponential backoff with jitter, cap max delay, and stop after a few attempts. 
const delayMs = Math.min(1000 * 2 ** attempt, 10_000)
If Retry-After is present, prefer that value over your local delay.

Production tips

  • Log status code, endpoint, and request ID metadata where available.
  • Add client-side circuit breaking to avoid retry storms.
  • Treat retry as a recovery path, not a normal control flow.
For full error mappings, see /guides/error-codes.