API Rate Limit for Storefront & Buy SDK on an Website

Shopify Partner
7 0 1

Hey Guys,


iam developing a website which uses the Shopify Buy Button with the Buy SDK Library and the Storefront API.


Maybe your thinking "why the .uck he does this?"


Usage Explanation:

Buy Button: To get Shopify Backend running on my Website to Sell products. (without developing an selfmade selling system)


Buy SDK Library: To dynamically fetch collections and products. For example every product has an own detailpage which is created with their product ID. (so if my customer creates an new product in his Shopify Login, it will automatically be on his website!)


Storefront API: To display 3 random products (price/title/pic etc.) on the homepage. (product preview)


My Problem:

The problem is, iam using PHP curl function on the Storefront API.

So my Webserver IP always will call the Storefront API and not the User.

The Buy Button and Buy SDK Library works with JavaScript, so the User IP always call the Storefront API right?


I had read here: https://shopify.dev/api/storefront

That there is any methode to pass the buyer IP into the "Shopify-Storefront-Buyer-IP" header,

which affects that my Webserver will not call the Storefront API but the User IP. But i didnt understand how i should do this?



So i used this https://shopify.dev/api/admin-graphql/2022-07/mutations/storefrontaccesstokencreate to create a delegated token and was thinking it will have his own rate Limit. But i had read they always use the same rate limit. Stands here: https://community.shopify.com/c/storefront-api-and-sdks/read-before-posting-custom-storefront-storef.... Also they have a limit of 100 delegated Tokens, so it is not a solution for me.



My Questions:

  • If i use some fetch functions with the Buy SDK Library on my Website (with JavaScript), does the rate limit works correctly based on every single user? (because JavaScript always runs on the browser of the user)
  • Is there any way to pass through the user IP in an PHP Curl which uses the Storefront API, to get a correctly throttled rate limit?



I am grateful for any reply!



Replies 0 (0)