Cost

GraphQL is an open source standard for a query language and execution engine that lets application services describe, in a flexible way, their data model, the interactions that can be performed with that data, and the requirements those interactions have. This flexibility comes at a price: API consumers can request massive amounts of data, which can be costly to service providers or threaten the availability of their services.

To address this risk, many GraphQL implementations use query cost analysis, such as the @cost directive of the IBM GraphQL Cost Directive Specification. Cost analysis evaluates how expensive a GraphQL request is expected to be before executing it. Based on this analysis, the server can decide whether to allow the query or reject it before processing begins.

Proper cost annotations help ensure that GraphQL APIs remain predictable, well-performing, and resistant to abuse, and they allow enforcing policies such as:

  • Maximum query cost limits
  • Query rejection thresholds
  • Adaptive rate limiting
  • Workload-based throttling
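
The pre-execution check described above, as an added example (not code from this page or from any GraphQL server): a simplified static cost estimator that walks an already-parsed selection tree and enforces a maximum query cost limit. The schema, weights, assumed list size, `first` paging argument, `MAX_COST` value and all function names are constructed assumptions.

```python
# Constructed annotations: (parent type, field) -> weight, return type, list info.
# "weight" plays the role of a @cost weight; "assumed_size" is the list length
# assumed when the client passes no paging argument. All values are illustrative.
FIELD_COSTS = {
    ("Query", "books"): {"weight": 10, "type": "Book", "assumed_size": 50},
    ("Book", "title"): {"weight": 0},
    ("Book", "author"): {"weight": 10, "type": "Author"},
    ("Author", "name"): {"weight": 0},
    ("Author", "books"): {"weight": 10, "type": "Book", "assumed_size": 50},
}
MAX_COST = 1000  # assumed policy: maximum query cost limit


class QueryTooExpensive(Exception):
    pass


def estimate_cost(parent_type, selections):
    """Estimate cost from the query shape alone; no resolver is called."""
    total = 0
    for sel in selections:
        ann = FIELD_COSTS[(parent_type, sel["name"])]  # unknown field -> KeyError
        children = estimate_cost(ann["type"], sel.get("selections", [])) if "type" in ann else 0
        multiplier = 1
        if "assumed_size" in ann:  # list field: each item pays for the sub-selection
            multiplier = sel.get("args", {}).get("first", ann["assumed_size"])
            if not isinstance(multiplier, int) or multiplier < 0:
                raise ValueError("paging argument must be a non-negative integer")
        total += ann["weight"] + multiplier * children
    return total


def check_query(selections, max_cost=MAX_COST):
    """Return the estimated cost, or reject before execution if over the limit."""
    cost = estimate_cost("Query", selections)
    if cost > max_cost:
        raise QueryTooExpensive(f"estimated cost {cost} exceeds limit {max_cost}")
    return cost


def field(name, *selections, **args):
    """Build one node of the constructed selection tree."""
    return {"name": name, "args": args, "selections": list(selections)}


# Constructed query: books(first: 5) { title author { name } }
CHEAP = [field("books", field("title"), field("author", field("name")), first=5)]
# Constructed query: books { author { books { author { name } } } }  (no paging)
NESTED = [field("books", field("author", field("books", field("author", field("name")))))]
```

The nested query multiplies two assumed list sizes together, so its estimate far exceeds the limit and `check_query` rejects it without running any resolver.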