Rate limiting Icon

GraphQL Security

Protect your API against attacks and optimize performance with Stellate's advanced edge filters, persisted operations registry, and rate limiting capabilities for GraphQL.

Rate Limiting Hero Image
Why Rate LIMIT your GraphQL API?

GraphQL API Security with Advanced Controls

Improve the stability of your GraphQL API by preventing unnecessary requests.

Prevent service degradation Icon
Prevent service degradation

Malicious actors, misconfigured clients, and traffic spikes can cause slowdowns or downtime for your GraphQL API.

Stop scrapers from getting your data Icon
Stop scrapers from getting your data

If you have valuable data, you can bet that somebody will attempt to scrape it for their own use.

Contain your infrastructure costs Icon
Reduce your cloud costs

While serverless infrastructure allows you to scale quickly, it can also get very costly if you don't have control over your traffic.

Enforce your SLA terms Icon
Edge filters to prevent exploitation

Directives, alias, and request size limits along with suggestion masking protect from attacks ever reaching your origin.

What Does Stellate’s GraphQL Rate Limiting do?

Secure Your GraphQL API at the Edge

Protect your infrastructure by blocking unwanted traffic at the edge.

rateLimits: (req) => [{
name: 'Request Limit',
groupBy: 'ip',
limit: {
type: 'RequestCount',
budget: 60,
window: '1m',

Add request-based rate limiting for a baseline of protection on the HTTP layer. We support identifying consumers by any part of the request.

How to rate limit GraphQL operations?

Rate limit specific GraphQL operations

Limiting requests per second isn’t good enough to control the server load of a GraphQL API. Our GraphQL Rate Limiting allows you to rate limit specific operations.

Limit by HTTP requests count

Allow 3 requests / second

Group 47304
Limit by operation

Allow 1 addToCart mutation / second

Frame 47317

Persisted Operations Registry

Secure your GraphQL API without losing performance or observability

Persisted Operations Query Response Caching

Analyze and cache query responses for hashed queries

Persisted Operations Observability

Get the same insights you would with non-persisted queries, such as the amount of usage and most recent usage

Get started with ease

Find the right rate limits for your GraphQL API

How can you find the right request and complexity limits for your GraphQL API? We provide you with tools that help you do it simply and quickly.

  • Frame

    Start in dry run mode

    The rate limiting will track who would have been blocked but it won’t actually block anyone. That way, you can assess whether the rules you configured work the way you want them to!

  • Frame

    Visualize your traffic distribution

    Stellate’s GraphQL Metrics tracks the distribution of requests and query complexity per timeframe per consumer so that you can visually see where to set your limits.

  • interface-id-voice-2

    Real-time visibility into your rate limits

    To make sure you’re not blocking the wrong people, Stellate’s GraphQL Metrics provide you with an overview of all the API consumers and their traffic, particularly when they were blocked.


More than just rate limiting

Make sure your metrics always look good with Stellate’s GraphQL edge caching, included by default.

Want to see how it works?

Stellate helps companies reduce their infrastructure costs by up to 40%, eliminate downtime, and improve performance.