Starting March 16, 2026, our service began receiving HTTP 429 responses from Shopify’s payments_apps GraphQL endpoint. However, the response is not Shopify’s standard rate limit error, it is a Cloudflare managed bot challenge (HTML page). This might be a Shopify-side infrastructure issue, not a code bug or API rate limit breach.
End point: POST https://{merchant}/payments_apps/api/{version}/graphql.json
Response: “Your connection needs to be verified before you can proceed”
cType: 'managed
{
“errors”: [
{
“message”: “Throttled”
}
],
“extensions”: {
“cost”: {
“requestedQueryCost”: 202,
“actualQueryCost”: null,
“throttleStatus”: {
“maximumAvailable”: 1000.0,
“currentlyAvailable”: 118,
“restoreRate”: 50.0
}
}
}
}