Providing real-time protection helps prevent data tampering, malicious traffic and slow (or unresponsive) API responses, improving the performance and responsiveness of the API.
DoS is the name of the game. Ensure the right security knobs are in place to protect against query-based DoS attacks.
GraphQL’s complex payloads expand an attacker's ability to inject malicious input and compromise the underlying system.
Properly validate and sanitize any user-supplied input in a GraphQL API to prevent injection attacks.
No, you don’t need to disable introspection. With RBAC Introspection separation, access control can be completely enforced at the edge. Users gain schema visibility only to allowed operations, types, and fields. Learn more about Inigo’s schema-based access control.
Keep resolvers clean and tight by moving access-control logic out of complex resolver code and into role-based declarative configuration, which is easier to maintain and manage throughout the development lifecycle.
We found that the most robust way to think about GraphQL Rate Limiting is by looking at the server’s consumption and its real usage. The Inigo platform does this by counting each query’s requested objects and returned objects against a time frame limit (e.g. 1,000 objects per minute). By using object-based rate limiting, your server can be protected against potential performance degradation, while still allowing for a flexible and efficient use of the API.
Limit the number of requests that can be made against specific operations and mutations. This way, your server can be protected from being overwhelmed by a large number of requests for a single object, while still allowing for a reasonable amount of requests for other objects.
Analyze and evaluate each response to accurately identify any instances of data scraping or resource-heavy objects that could potentially overload your system. This real-time, proactive approach protects your system against potential performance degradation, preserving its stability and reliability.
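The three mechanisms above (an object budget per time frame, a per-operation request limit, and response analysis for scraping or heavy objects) can be demonstrated together in one small gateway-side check. The code below is an added illustration, not Inigo's implementation: it assumes that "requested objects" means field selections in the query document, that "returned objects" means JSON objects in the response data, and that both are charged against a per-client sliding window; the query, response and thresholds are constructed sample values.

```python
"""Object-based GraphQL rate limiting (added example, not Inigo's code).

Assumptions: 'requested objects' = field selections in the query document,
'returned objects' = JSON objects in the response data, both charged to a
per-client sliding window. Thresholds and sample data are constructed.
"""
import re
import time
from collections import defaultdict, deque

# Tokens: string literals, fragment spread marker, names, variables,
# directives, structural punctuation, and any other single character.
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\])*"|\.\.\.|[A-Za-z_][A-Za-z0-9_]*'
    r'|\$[A-Za-z_][A-Za-z0-9_]*|@[A-Za-z_][A-Za-z0-9_]*|[{}():]|\S')
NAME_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*$')


def count_requested_objects(query: str) -> int:
    """Count field selections; arguments, aliases, directives and
    fragment/type names are not counted."""
    tokens = TOKEN_RE.findall(query)
    depth = paren = count = i = 0
    while i < len(tokens):
        t = tokens[i]
        if t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
        elif t == "(":
            paren += 1
        elif t == ")":
            paren -= 1
        elif t == "...":
            # '... on Type' skips two tokens, '...FragName' skips one
            i += 2 if i + 1 < len(tokens) and tokens[i + 1] == "on" else 1
        elif depth > 0 and paren == 0 and NAME_RE.match(t):
            if i + 1 < len(tokens) and tokens[i + 1] == ":":
                i += 1  # alias: the real field follows the colon
            else:
                count += 1
        i += 1
    return count


def operation_name(query: str) -> str:
    """Named operation, or the first root selection for anonymous ones."""
    tokens = TOKEN_RE.findall(query)
    if tokens and tokens[0] in ("query", "mutation", "subscription"):
        if len(tokens) > 1 and NAME_RE.match(tokens[1]):
            return tokens[1]
    if "{" in tokens:
        for t in tokens[tokens.index("{") + 1:]:
            if NAME_RE.match(t):
                return t
    return "anonymous"


def count_returned_objects(data) -> int:
    """Count JSON objects in a response payload (lists are walked)."""
    if isinstance(data, dict):
        return 1 + sum(count_returned_objects(v) for v in data.values())
    if isinstance(data, list):
        return sum(count_returned_objects(v) for v in data)
    return 0


class SlidingWindow:
    """Per-key sum of costs charged within the last `window` seconds."""
    def __init__(self, limit: int, window: float = 60.0):
        self.limit, self.window = limit, window
        self._events = defaultdict(deque)  # key -> deque of (ts, cost)

    def used(self, key, now: float) -> int:
        dq = self._events[key]
        while dq and dq[0][0] <= now - self.window:
            dq.popleft()  # drop events that fell out of the window
        return sum(c for _, c in dq)

    def allows(self, key, cost: int, now: float) -> bool:
        return self.used(key, now) + cost <= self.limit

    def add(self, key, cost: int, now: float) -> None:
        self._events[key].append((now, cost))


class GraphQLGuard:
    """Object budget per client, request limit per operation, and
    response analysis that flags unusually heavy responses."""
    def __init__(self, objects_per_minute=1000, requests_per_minute=None,
                 scrape_threshold=500):
        self.objects = SlidingWindow(objects_per_minute, 60.0)
        self.ops = {op: SlidingWindow(lim, 60.0)
                    for op, lim in (requests_per_minute or {}).items()}
        self.scrape_threshold = scrape_threshold

    def admit(self, client: str, query: str, now=None):
        """Pre-execution decision: (allowed, operation-or-reason)."""
        now = time.monotonic() if now is None else now
        op = operation_name(query)
        if op in self.ops and not self.ops[op].allows(client, 1, now):
            return False, f"request limit reached for operation {op}"
        requested = count_requested_objects(query)
        if not self.objects.allows(client, requested, now):
            return False, "object budget exhausted"
        self.objects.add(client, requested, now)
        if op in self.ops:
            self.ops[op].add(client, 1, now)
        return True, op

    def record_response(self, client: str, data, now=None):
        """Post-execution: charge returned objects, flag heavy responses."""
        now = time.monotonic() if now is None else now
        returned = count_returned_objects(data)
        self.objects.add(client, returned, now)
        return returned, returned > self.scrape_threshold


# Constructed sample query: 8 field selections, named operation "Users".
QUERY = """
query Users($first: Int!) {
  users(first: $first) @include(if: true) {
    id
    name
    posts(limit: 5) { id title ... on Post { body } }
    ...PostStats
  }
}
fragment PostStats on User { postCount }
"""
# Constructed sample response data: 1 root + 2 users + 3 posts = 6 objects.
RESPONSE_DATA = {"users": [
    {"id": "1", "name": "a", "postCount": 2,
     "posts": [{"id": "p1", "title": "t", "body": "b"},
               {"id": "p2", "title": "t", "body": "b"}]},
    {"id": "2", "name": "b", "postCount": 1,
     "posts": [{"id": "p3", "title": "t", "body": "b"}]},
]}


def demo():
    """Deliberately small limits so the window and both limits trigger."""
    guard = GraphQLGuard(objects_per_minute=20,
                         requests_per_minute={"Users": 2}, scrape_threshold=5)
    t, decisions = 100.0, []
    decisions.append(guard.admit("client-a", QUERY, now=t)[0])      # 8 used
    returned, heavy = guard.record_response("client-a", RESPONSE_DATA, now=t)
    decisions.append(guard.admit("client-a", QUERY, now=t + 1)[0])  # 14+8>20
    decisions.append(guard.admit("client-a", QUERY, now=t + 61)[0]) # expired
    decisions.append(guard.admit("client-a", QUERY, now=t + 62)[0]) # 2nd req
    decisions.append(guard.admit("client-a", QUERY, now=t + 63)[0]) # 3rd req
    return {"requested": count_requested_objects(QUERY),
            "returned": returned, "heavy": heavy, "decisions": decisions}


if __name__ == "__main__":
    print(demo())
```

Checking the request limit before the object budget means a per-operation flood is rejected cheaply without parsing the selection set; charging returned objects after execution is what catches a query whose small selection set fans out into thousands of objects at runtime, which a pre-execution count alone would miss.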