Are you doing this on a dev store?
This happened to me as well creating orders with mutations on a dev store. I ended up randomizing the email address to bypass it.
From what I can gather, there is a separate throttle specific to the orderUpdate mutation related to changing the phone and email values. Based on shop plan, trial and development shops get 1 update per day, otherwise it is 1 per minute.
1 Like
For anyone else stumbling onto this in 2025, worth noting that this throttle is completely separate from the query cost system that MadWizard posted above. You can have 1990 points available and still hit “Too many attempts” because it’s a mutation-specific limit tied to phone/email changes on orders. The API response gives you no indication which throttle you’ve hit, which makes debugging painful.
Nathan’s workaround of randomizing the email is clever and works because the throttle seems designed to prevent spam or fraud patterns, not to limit order creation itself. If you’re doing bulk testing in a dev store, generating unique emails like test+${timestamp}@yourdomain.com should let you create orders without constantly waiting.
For production apps doing legitimate order imports or migrations, the 1-per-minute limit on paid stores is still pretty restrictive if you’re updating existing orders. If you’re hitting this during a large migration, one pattern that works is batching your updates with 60+ second gaps and running overnight. Not elegant but it gets the job done without hitting the wall.
Would be great if Shopify documented these mutation-specific throttles somewhere official. The standard rate limits docs don’t mention this at all, which is why so many people assume their code is broken when they see “Too many attempts” with plenty of API budget remaining.