· Zayd Khan · order-limits  · 6 min read

Enforcing Purchase Limits on Headless Shopify Storefronts

Running a custom React or Next.js storefront? Here is how DC Order Limits works with headless Shopify implementations using the Storefront API—same rules, same enforcement, no code changes required.

Running a custom React or Next.js storefront? Here is how DC Order Limits works with headless Shopify implementations using the Storefront API—same rules, same enforcement, no code changes required.

Headless commerce is everywhere. Agencies build custom React storefronts. Brands launch Next.js-powered experiences. Mobile apps use Shopify as a backend. The Storefront API powers all of it.

But when you decouple your frontend from Shopify’s theme layer, a reasonable question comes up: do purchase limits still work?

The answer is yes. DC Order Limits enforces your rules on headless storefronts exactly the same way it does on standard Shopify themes. Here is how it works and what developers need to know.

How headless checkout works

In a headless architecture, your custom frontend handles product browsing, cart management, and the shopping experience. When a customer is ready to purchase, you create a checkout using Shopify’s Storefront API.

The key insight: even in headless implementations, the actual checkout still flows through Shopify. You create the checkout programmatically, but Shopify’s checkout infrastructure handles payment processing, order creation, and—importantly—validation.

This is where DC Order Limits operates. It uses Shopify’s Cart and Checkout Validation Functions, which run server-side during checkout. Your custom frontend creates the checkout, but Shopify’s validation layer evaluates your rules before processing the order.

No code changes required

If you are already using DC Order Limits on a standard Shopify store and migrating to headless, your rules continue to work. No code changes, no API integrations, no webhooks to configure.

The validation happens at Shopify’s layer, not your frontend layer. Your custom storefront creates a cart and checkout via the Storefront API, and Shopify runs your validation functions automatically.

This also means you cannot accidentally bypass limits by building a custom checkout experience. As long as orders flow through Shopify’s checkout (which they must for payment processing), validation runs.

Use cases for headless stores

Custom React/Next.js storefronts. You have built a completely custom shopping experience. Product pages, cart, everything custom. But your order limits need to match what you would enforce on a standard theme. They do.

Mobile apps with native checkout. Your iOS or Android app uses the Storefront API to power a native shopping experience. Customers checkout directly in the app. Your per-customer limits and quantity restrictions apply the same way.

International storefronts with localized experiences. You run multiple headless storefronts for different regions, all connected to the same Shopify backend. Your rules apply consistently across all of them.

Agency-built custom experiences. Your agency built a highly customized storefront for a specific use case—a configurator, a subscription flow, a unique checkout experience. The custom frontend does not affect rule enforcement.

Progressive web apps (PWAs). Your PWA provides an app-like experience in the browser. Checkout still flows through Shopify, so limits apply.

What developers need to understand

Cart creation

When you create a cart via the Storefront API’s cartCreate mutation, no validation runs yet. Validation happens at checkout time, not cart creation time.

This means customers can add items to their cart that might violate limits. The violation is caught when they attempt to checkout.

Checkout creation

When you create a checkout from the cart (or directly via checkoutCreate), Shopify evaluates your validation functions. If any rule is violated, the checkout is blocked.

In your frontend, you should handle checkout errors gracefully. When a checkout fails validation, Shopify returns errors that you can display to the customer.

Error handling

Shopify returns validation errors in the checkout response. A typical error looks like:

{
  "errors": [
    {
      "message": "This product is limited to 1 per customer. You have already purchased this item.",
      "field": "line_items"
    }
  ]
}

Your frontend should display these messages clearly. The message text comes from your DC Order Limits configuration, so you control the customer-facing language.

Cart vs. checkout validation

DC Order Limits can also provide cart-level warnings before checkout. If you enable cart validation, customers see limit warnings when viewing their cart, not just at checkout.

For headless implementations, you can query cart validation status via Shopify’s APIs and display warnings in your custom cart UI.

Architecture diagram

┌─────────────────────────────────────────────────────────────┐
│                    Your Headless Frontend                   │
│              (React, Next.js, Mobile App, etc.)             │
└─────────────────────────┬───────────────────────────────────┘


┌─────────────────────────────────────────────────────────────┐
│                    Shopify Storefront API                    │
│            (cartCreate, checkoutCreate, etc.)               │
└─────────────────────────┬───────────────────────────────────┘


┌─────────────────────────────────────────────────────────────┐
│                  Shopify Checkout                           │
│                                                             │
│  ┌───────────────────────────────────────────────────────┐  │
│  │           Validation Functions Layer                  │  │
│  │                                                       │  │
│  │   ┌─────────────────────────────────────────────────┐ │  │
│  │   │            DC Order Limits                      │ │  │
│  │   │   • Product quantity limits                     │ │  │
│  │   │   • Customer purchase history                   │ │  │
│  │   │   • Cart total restrictions                     │ │  │
│  │   │   • Time-based rules                           │ │  │
│  │   └─────────────────────────────────────────────────┘ │  │
│  └───────────────────────────────────────────────────────┘  │
│                                                             │
│                    Payment Processing                        │
│                    Order Creation                            │
└─────────────────────────────────────────────────────────────┘

Your rules apply at the validation layer, regardless of how the customer got there.

Testing on headless storefronts

To verify limits work on your headless implementation:

  1. Set up a test rule. Create a simple limit—1 per customer on a test product.

  2. Test via your frontend. Create a customer account in your headless app, purchase the product, then try to purchase again.

  3. Verify the error. On the second purchase attempt, checkout should fail with your configured error message.

  4. Check the API response. If you are debugging, inspect the checkout response to see the validation error structure.

If validation is not working, verify that:

  • Your checkout is flowing through Shopify’s standard checkout (not a third-party checkout app)
  • Your DC Order Limits rules are active and targeting the test product
  • The test customer is logged in (for customer-based limits)

B2B considerations

If you are running a headless B2B storefront using Shopify’s B2B features, order limits also apply. B2B checkouts flow through the same validation layer.

This is useful for:

  • Enforcing minimum order quantities for wholesale customers
  • Setting maximum purchase limits per order or per customer
  • Applying different rules based on customer tags (wholesale vs. retail)

For more on B2B use cases, see B2B order limits: controlling wholesale quantities on Shopify.

What headless does not affect

To be clear, going headless does not change:

  • Rule configuration. You still configure rules in the DC Order Limits app, same as a standard store.
  • Rule types available. All rule types (product limits, customer limits, cart limits, time-based rules) work identically.
  • Customer tracking. Customer purchase history is tracked the same way, based on Shopify customer accounts.
  • Error messages. Your configured error messages appear to customers, regardless of frontend.

The only difference is that your frontend displays the errors instead of Shopify’s theme.

Limitations to know

Third-party checkout apps. If your headless store uses a third-party checkout app that completely replaces Shopify’s checkout, validation functions may not run. DC Order Limits requires Shopify’s native checkout infrastructure.

Guest checkout tracking. Like standard stores, tracking guest checkout customers for lifetime limits is limited. For reliable tracking, encourage or require customer login.

Cart validation UI. On standard themes, DC Order Limits can inject cart validation warnings directly into the theme. On headless stores, you need to build the UI to display these warnings based on API responses.

Getting started

If you are building or maintaining a headless Shopify storefront, purchase limits work out of the box. DC Order Limits enforces your rules at the checkout layer, which headless implementations still use.

No special configuration needed. Set up your rules in the app, and they apply to checkouts from your custom frontend the same way they apply to standard Shopify themes.

For questions about specific headless implementations, reach out to our support team.

Share:
Back to Blog

Related Posts

View All Posts »
Install App