MurtAPI prevents duplicate refunds, broken auth, and rate-limit crashes when AI agents operate your store. One safety layer. Every commerce API.
APIs at launch
The problem
it doesn't just throw a 404. It loses a high-value customer or burns $5,000 in shipping labels.
Agent fetches order history, customer segments, and inventory simultaneously. Shopify's GraphQL cost budget hits zero. Agent times out mid-decision — customer left hanging.
Automatic query cost budgeting, intelligent queuing, exponential backoff. Agent never thinks about it.
One OAuth token in the Shopify → Klaviyo → Gorgias chain expires silently. Agent thinks it sent the tracking number. It didn't. Customer gets zero communication for days.
Monitor every token in the chain. Proactively refresh before expiry. Alert immediately on silent failures.
Platform delivers the same webhook twice — documented behavior on Shopify, Recharge, and Stripe. Agent acts on both. Customer gets double-refunded. Inventory double-adjusted.
Idempotency envelope on every inbound webhook. Deduplicate before the event reaches the agent.
Agent retries a failed mutation — network blip, not an error. The mutation didn't support idempotency. Order placed twice. Customer charged twice. Support nightmare.
Mutation safety registry — MurtAPI knows which mutations are retry-safe and which aren't. Unsafe retries are blocked automatically.
Klaviyo fires → Shopify tag update → agent checks fraud → updates order → re-triggers Klaviyo. Merchant wakes up to a $400 LLM bill and 5,000 redundant API calls for a single order.
Loop detector breaks circular API trigger chains automatically before they burn credits.
Agent creates a draft order to reserve inventory. Customer gets distracted, never pays. No cleanup logic. After a week, 500 zombie orders have effectively delisted the best-selling product.
Automatic TTL on agent-created draft orders. Configurable expiry. Auto-cleanup runs without agent involvement.
31 bad days documented. Every feature in MurtAPI fixes a real one.
The difference
// Your agent today
const res = await fetch(
`https://${shop}.myshopify.com/
admin/api/2025-01/graphql.json`,
{
headers: {
'X-Shopify-Access-Token':
process.env.TOKEN, // expires silently
},
body: JSON.stringify({ query }),
}
);
// Hope the token isn't expired
// Hope you don't hit rate limits
// Hope this webhook wasn't already processed
// Hope this mutation is safe to retry
// Hope the error format matches what
// you expected// With MurtAPI
const res = await fetch(
'https://api.murtapi.com/proxy',
{
headers: {
'Authorization': `Bearer ${MURTAPI_KEY}`,
'X-Shop-Domain': shop,
},
body: JSON.stringify({
api: 'shopify-admin',
path: '/graphql.json',
body: { query },
idempotencyKey: webhookId,
}),
}
);
// Token refresh: handled
// Rate limits: handled
// Duplicate webhooks: handled
// Mutation safety: handled
// Error format: always the sameHow it works
GraphQL rate limit management
Cost budgeting + queuing
Auth vault
Encrypted key storage + proactive token refresh
Response filtering
Strip JSON bloat to agent-essential fields
ID translation
GID ↔ REST integer auto-convert
Webhook HMAC validation
Signature verification at ingress
Idempotency envelope
Deduplicate webhook delivery
Mutation safety registry
Block unsafe retries
Normalized errors
One error shape across all APIs
Built for
Building apps, automations, and agent workflows on the Shopify platform
Running autonomous agents for support, fulfillment, and CX at scale
Building agent-powered tools for merchant clients
Built for developers who have hit these walls
“Shopify's leaky bucket rate limit is the most common reason AI agents fail silently in production.”
Shopify Developer Forums
“I've built agents for 20+ e-commerce brands. The ones that survive are the ones with proper idempotency and retry logic.”
r/n8n
“Duplicate webhook delivery is documented behavior. If your agent doesn't deduplicate, you will double-refund a customer eventually.”
Shopify Webhook Docs
Free beta
Free during beta. Be first to know when MurtAPI is ready.