Concerns with building a headless Shopify mobile application

We are looking to build a headless Shopify mobile app inclusive of a custom checkout and have a couple of concerns related to the feasibility of our application.

1. Is it possible to view (and store) customer’s payment details for checking out with the Storefront API? And if so, what is the API call associated with this?

2. It is my current understanding that a StorefrontAccessToken is required to create a CustomerAccessToken (due to the required unauthenticated_read_customers scope being required). And that in addition to this, there is only a “maximum of 100 active Storefront access tokens per shop”. Is this something that should be managed on the client side (inside the app) and is there a possibility that we will run into issues if more than 100 people tried to signup at once? We have considered managing this on our own server, but there appears to be limitations for using the same IP for frequent requests. We will require customers to be logged in to Shopify before they can checkout.

3. Finally, we are wanting to collect additional information in the app (associated to the user) for usage outside of the store (in our own database). Ideally we only want a single log-in interface for the entirety of the app with the authentication essentially covering both the Storefront API and our own server. The multipass included with Shopify Plus appears to be the easiest solution for this, but the price is a bit much for our app that is just starting out. Is there a possible alternative solution for this, or are we locked into the multipass?

Any directions and guidance relating to these issues would be greatly appreciated.