To ensure the stability and performance of our Shopware SaaS platform, we enforce rate limits on certain API endpoints. If a client exceeds the specified limits, the request will be denied with a 429 Too Many Requests response.
| HTTP Method | Endpoint | Rate Limit | Explanation |
| POST | /api/oauth/token | 10 per minute per IP address | Token validity is long; reuse until expiration. |
| POST | /account/register | 3 per minute per IP address | Limits excessive account creation. |
| POST | /api/_action/mail-template/send | 3 per minute per IP address | Prevents excessive email dispatching. |
| POST | /api/_action/index | 1 per hour per IP address | Controls resource-heavy indexing actions. |
| POST | /api/_action/indexing | 1 per hour per IP address | Ensures system stability during bulk indexing. |
If you exceed the rate limit, the API will respond with:
HTTP Status Code:429 Too Many Requests
Response Headers:
Retry-After: Specifies the duration (in seconds) after which you can send the next request.
To avoid being rate-limited, ensure efficient API usage by caching tokens and batching requests where possible.
