Looking for the plugin's configuration parameters? You can find them in the GraphQL Rate Limiting Advanced configuration reference doc.
The GraphQL Rate Limiting Advanced plugin provides rate limiting for GraphQL queries. The GraphQL Rate Limiting plugin extends the Rate Limiting Advanced plugin.
Due to the nature of client-specified GraphQL queries, the same HTTP request to the same URL with the same method can vary greatly in cost depending on the semantics of the GraphQL operation in the body.
A common pattern to protect your GraphQL API is then to analyze and assign costs to incoming GraphQL queries and rate limit the consumer’s cost for a given time window.
Notes:
- Redis configuration values are ignored if the
cluster
strategy is used.- PostgreSQL 9.5+ is required when using the
cluster
strategy withpostgres
as the backing Kong cluster datastore.- The
dictionary_name
directive was added to prevent the usage of thekong
shared dictionary, which could lead tono memory
errors.- The introspection endpoint is generated based on the Kong service path, so the service path should be defined with an actual path instead of appending from the route path.
- Known limitation: The query and introspection endpoints cannot have separate paths.
- Example: While using KIC, if the query and introspection endpoints are at path
/graphql
, they should be configured like this:
- Add the
konghq.com/strip-path: "true"
annotation to the ingress resource- Add the
konghq.com/path: /graphql
annotation to the service resource
Kong also provides a GraphQL Proxy Cache Advanced plugin.