GraphQL Rate Limiting

Object-based rate limiting

We found that the most robust way to think about GraphQL Rate Limiting is by looking at the server’s consumption and its real usage. The Inigo platform does this by counting each query’s requested objects and returned objects against a time frame limit (e.g. 1,000 objects per minute). By using object-based rate limiting, your server can be protected against potential performance degradation, while still allowing for a flexible and efficient use of the API.

GraphQL security features

Inbound operation limits

Limit the number of requests that can be made against specific operations and mutations. This way, your server can be protected from being overwhelmed by a large number of requests for a single object, while still allowing a reasonable number of requests for other objects.


Outbound object limits

Data scraping protection. Analyze and evaluate each response to accurately detect any instances of data scraping or resource-heavy objects that could potentially cause an overload in your system. This real-time proactive approach ensures that your system is protected against any potential performance degradation, thereby preserving its stability and reliability.
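The object-based limit described above (for example, 1,000 objects per minute) applied to returned objects, as an added sketch that is not Inigo's code or API. It assumes an "object" is any JSON object in the response `data` carrying a `__typename` field, uses a fixed window per client, and the names `countObjects` and `ObjectRateLimiter` are hypothetical.

```javascript
// Added example (not Inigo's implementation): per-client object budget.
// Assumption: an "object" is any response node that has a __typename field.
function countObjects(node) {
  if (Array.isArray(node)) return node.reduce((n, v) => n + countObjects(v), 0);
  if (node === null || typeof node !== 'object') return 0;
  const self = Object.prototype.hasOwnProperty.call(node, '__typename') ? 1 : 0;
  return Object.values(node).reduce((n, v) => n + countObjects(v), self);
}

class ObjectRateLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;       // max objects per window, e.g. 1000
    this.windowMs = windowMs; // window length, e.g. 60000 for one minute
    this.windows = new Map(); // clientId -> { start, used }
  }

  // Charge one response against the client's budget and return the decision.
  charge(clientId, responseData, now = Date.now()) {
    let w = this.windows.get(clientId);
    if (!w || now - w.start >= this.windowMs) {
      w = { start: now, used: 0 }; // window expired or first request
      this.windows.set(clientId, w);
    }
    const cost = countObjects(responseData);
    if (w.used + cost > this.limit) {
      // Over budget: do not consume, tell the caller when the window resets.
      const retryAfterMs = w.start + this.windowMs - now;
      return { allowed: false, cost, used: w.used, retryAfterMs };
    }
    w.used += cost;
    return { allowed: true, cost, used: w.used, retryAfterMs: 0 };
  }
}

// Constructed sample response: 1 User + 3 Post objects = 4 objects.
const sample = {
  user: {
    __typename: 'User', id: '1',
    posts: [
      { __typename: 'Post', id: 'a' },
      { __typename: 'Post', id: 'b' },
      { __typename: 'Post', id: 'c' },
    ],
  },
};
```

A client that sends few requests but pulls large lists exhausts this budget quickly, which a plain request counter would not catch.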
