The rate limiting will track who would have been blocked but it won’t actually block anyone. That way, you can assess whether the rules you configured work the way you want them to!
GraphQL Security
Protect your API against attacks and optimize performance with Stellate's advanced edge filters, persisted operations registry, and rate limiting capabilities for GraphQL.
GraphQL API Security with Advanced Controls
Improve the stability of your GraphQL API by preventing unnecessary requests.
Prevent service degradation
Malicious actors, misconfigured clients, and traffic spikes can cause slowdowns or downtime for your GraphQL API.
Stop scrapers from getting your data
If you have valuable data, you can bet that somebody will attempt to scrape it for their own use.
Reduce your cloud costs
While serverless infrastructure allows you to scale quickly, it can also get very costly if you don't have control over your traffic.
Edge filters to prevent exploitation
Directives, alias, and request size limits along with suggestion masking protect from attacks ever reaching your origin.
Secure Your GraphQL API at the Edge
Protect your infrastructure by blocking unwanted traffic at the edge.
{rateLimits: (req) => [{name: 'Request Limit',groupBy: 'ip',limit: {type: 'RequestCount',budget: 60,window: '1m',},}],}
Add request-based rate limiting for a baseline of protection on the HTTP layer. We support identifying consumers by any part of the request.
{rateLimits: (req) => [{name: 'Request Limit',groupBy: 'ip',limit: {type: 'RequestCount',budget: 60,window: '1m',},}],}
Rate limit specific GraphQL operations
Limiting requests per second isn’t good enough to control the server load of a GraphQL API. Our GraphQL Rate Limiting allows you to rate limit specific operations.
Limit by HTTP requests count
Allow 3 requests / second
Limit by operation
Allow 1 addToCart mutation / second
Persisted Operations Registry
Secure your GraphQL API without losing performance or observability
Persisted Operations Query Response Caching
Analyze and cache query responses for hashed queries
Persisted Operations Observability
Get the same insights you would with non-persisted queries, such as the amount of usage and most recent usage
Find the right rate limits for your GraphQL API
How can you find the right request and complexity limits for your GraphQL API? We provide you with tools that help you do it simply and quickly.
Start in dry run mode
Visualize your traffic distribution
Stellate’s GraphQL Metrics tracks the distribution of requests and query complexity per timeframe per consumer so that you can visually see where to set your limits.
Real-time visibility into your rate limits
To make sure you’re not blocking the wrong people, Stellate’s GraphQL Metrics provide you with an overview of all the API consumers and their traffic, particularly when they were blocked.
More than just rate limiting
Make sure your metrics always look good with Stellate’s GraphQL edge caching, included by default.
Want to see how it works?
Stellate helps companies reduce their infrastructure costs by up to 40%, eliminate downtime, and improve performance.