We found that the most robust way to think about GraphQL Rate Limiting is by looking at the server’s consumption and its real usage. The Inigo platform does this by counting each query’s returned objects against a time frame limit (e.g., 1,000 objects per minute). This approach works best with granular access control, where heavy-usage roles have a larger allowance than other roles or unauthenticated calls.
Not all fields are equal and some may take more time to retrieve than others (e.g., computed fields). In this configuration, developers can manually assign different credit weights to different types and fields.
This zero-configuration approach constantly reevaluates credit weights based on the GraphQL tracing and the server response time.