Shopware · Rate Limits
Shopware Rate Limits
Shopware 6 applies per-IP rate limits on sensitive endpoints to mitigate brute-force and abuse. The limits are enforced on the SaaS platform and configurable on self-hosted deployments via shopware.yml. Throttled requests receive a 429 Too Many Requests response with a Retry-After header indicating the wait time in seconds before retrying.
Shopware Rate Limits is the machine-readable rate-limit profile for Shopware on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 5 rate-limit definitions, measuring requests_per_minute and requests_per_hour.
The profile also includes response codes documented for throttled.
Tagged areas include Rate Limiting, E-Commerce, and Security.
5 Limits
Throttle: 429
Rate LimitingE-CommerceSecurity
Limits
OAuth Token Generation ip
10
Token reuse is strongly encouraged; tokens have extended validity periods and should be cached until expiration.
Account Registration ip
3
Limits prevent automated account creation abuse.
Email Dispatch ip
3
Prevents excessive outbound email triggering via API.
Full Indexing ip
1
Indexing operations are resource-intensive; limit is 1 per hour per IP to protect server performance.
Incremental Indexing ip
1
Same constraint as full indexing; developers should schedule index operations carefully to avoid hitting this limit.