My SFCC Pills.

Why Quotas Matter

SFCC imposes operational quotas to prevent individual tenants from over-consuming shared platform resources. These limits apply across several domains such as API usage, session storage, custom objects, and jobs. Exceeding quotas may lead to temporary feature blocks, service degradation, or deployment rejections.

Key Quotas to Monitor

1. Session Storage: Total serialized session data is limited to 10 KB, with individual strings capped at 2000 characters. Use session.privacy instead of session.custom to handle sensitive data and minimize persistence beyond logout.
2. Custom Objects: Total of 400,000 per realm. Avoid using custom objects for transactional or high-frequency data.
3. Web Service Calls: Monitor quota usage via Business Manager. All services must be registered through LocalServiceRegistry with proper timeouts and error handling.
4. HTTPClient Requests: Ensure that connection/socket timeouts are defined. Repeated failures may trigger WAF limits or block services. (maximum 16 per page, with alert at 10)
5. OCAPI and SCAPI Calls: Rate-limited per client and user session. Misuse can block storefront functions such as checkout.

Best Practices

• Leverage Business Manager dashboards: Administration > Operations > Quota Status to track consumption trends. (enable quota warning by email)
• Use jobs instead of storefront code for batch processing.
• Employ proper session hygiene: store minimal, non-sensitive data and avoid large strings or objects.
• Enable alerting via log parsing for quota nearing limits.

References

• Governance and Quotas – Official Documentation
• Session API Reference
• Web Services Best Practices – Guidance on timeouts, retries, and fallback strategies via LocalServiceRegistry
• SCAPI Rate Limiting & Load Shedding Guide – Load shedding behavior, retry strategies, and handling 429/503 responses
• OCAPI Best Practices – Caching, hooks, rate limits, and performance optimization techniques