When using tokens generated with client credentials to access the GraphQL Admin API, if multiple tokens are generated, are the Rate Limits managed separately for each token? Also, are they managed separately from the AccessToken of the Session used in the default app?
Hi @Shota_Yamamoto! Rate limits are shared across all tokens from the same app - they’re not separate for each token you generate.
The GraphQL Admin API rate limits are based on the combination of app + store, not individual access tokens. So whether you’re using multiple client credentials tokens or mixing client credentials with session-based OAuth tokens, they all draw from the same rate limit bucket for that app on that store.
The way it works is through a leaky bucket algorithm - each app gets a bucket with a certain capacity (like 1000 points for Plus stores) that refills at a set rate per second. Every API call from your app uses points from that bucket, regardless of which token made the request. The token is just for authentication - the rate limiting happens at the app level.
So if you generate multiple client credentials tokens thinking you’ll get separate rate limits for each, that won’t work. They’ll all share the same bucket since they’re all using the same client ID (your app’s identifier).
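The shared-bucket behaviour described in the reply above, as an added example that is not part of the original thread and is not Shopify's implementation. The class name, token strings, app IDs, shop domain and the 50 points/second restore rate are constructed for illustration; the 1000-point capacity is the figure quoted in the reply.

```python
import time

class AppStoreLimiter:
    """Illustrative leaky-bucket model keyed on (client ID, shop), not on the token."""

    def __init__(self, capacity, restore_rate, clock=time.monotonic):
        self.capacity, self.restore_rate, self.clock = capacity, restore_rate, clock
        self.token_owner = {}   # token -> (client_id, shop)
        self.buckets = {}       # (client_id, shop) -> [available_points, last_update]

    def register(self, token, client_id, shop):
        self.token_owner[token] = (client_id, shop)

    def available(self, token):
        """Refill the bucket this token draws from and return its current points."""
        key = self.token_owner[token]            # token only identifies app + store
        now = self.clock()
        points, last = self.buckets.get(key, (self.capacity, now))
        points = min(self.capacity, points + (now - last) * self.restore_rate)
        self.buckets[key] = [points, now]
        return points

    def request(self, token, cost):
        """Spend `cost` points; return False (throttled) if the shared bucket is short."""
        if cost > self.available(token):
            return False
        self.buckets[self.token_owner[token]][0] -= cost
        return True

def demo():
    now = [0.0]                                   # fake clock so the run is deterministic
    # capacity 1000 is the reply's Plus example; restore rate 50/s is a constructed value
    lim = AppStoreLimiter(capacity=1000, restore_rate=50, clock=lambda: now[0])
    shop = "example.myshopify.com"                # constructed shop domain
    lim.register("cc-token-1", "app-A", shop)     # client credentials token
    lim.register("cc-token-2", "app-A", shop)     # second client credentials token
    lim.register("session-token", "app-A", shop)  # session (OAuth) token, same app
    lim.register("other-app-token", "app-B", shop)
    results = [
        lim.request("cc-token-1", 600),           # True, 400 points left for app-A
        lim.request("cc-token-2", 300),           # True, 100 left
        lim.request("session-token", 200),        # False, same bucket has only 100
        lim.request("other-app-token", 900),      # True, different app, own bucket
    ]
    now[0] = 2.0                                  # 2 s later: 100 + 2 * 50 = 200
    results.append(lim.request("session-token", 200))  # True after refill
    return results

if __name__ == "__main__":
    print(demo())
```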