GraphQL Rate Limiting Advanced: Modify costs by score factor - Plugin

Modify costs by score factorv1.3+

GraphQL query cost depends on multiple factors, based on Kong Gateway’s resolvers and the implementation of the schema. Depending on the cost strategy, individual query costs could become high when using quantifiers, or very low with no quantifiers at all. By using config.score_factor, the cost can be divided or multiplied to a certain order of magnitude.

In this example, a score factor of 0.01 divides the costs by 100, meaning every cost unit represents 100 nodes.

Prerequisites

You have an existing a GraphQL upstream service.

Set up the plugin

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: graphql-rate-limiting-advanced
    config:
      limit:
      - 100
      window_size:
      - 60
      window_type: fixed
      cost_strategy: node_quantifier
      max_cost: 5000
      score_factor: 0.01
      sync_rate: 0

Make the following request:

curl -i -X POST http://localhost:8001/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
controlPlaneId: The id of the control plane.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
  name: graphql-rate-limiting-advanced
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
  labels:
    global: 'true'
config:
  limit:
  - 100
  window_size:
  - 60
  window_type: fixed
  cost_strategy: node_quantifier
  max_cost: 5000
  score_factor: 0.01
  sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
  enabled = true

  config = {
    limit = [100]
    window_size = [60]
    window_type = "fixed"
    cost_strategy = "node_quantifier"
    max_cost = 5000
    score_factor = 0.01
    sync_rate = 0
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}

Copied!

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: graphql-rate-limiting-advanced
    service: serviceName|Id
    config:
      limit:
      - 100
      window_size:
      - 60
      window_type: fixed
      cost_strategy: node_quantifier
      max_cost: 5000
      score_factor: 0.01
      sync_rate: 0

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
controlPlaneId: The id of the control plane.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
serviceId: The id of the service the plugin configuration will target.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: graphql-rate-limiting-advanced
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
config:
  limit:
  - 100
  window_size:
  - 60
  window_type: fixed
  cost_strategy: node_quantifier
  max_cost: 5000
  score_factor: 0.01
  sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -

Copied!

Next, apply the KongPlugin resource by annotating the service resource:

kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=graphql-rate-limiting-advanced

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
  enabled = true

  config = {
    limit = [100]
    window_size = [60]
    window_type = "fixed"
    cost_strategy = "node_quantifier"
    max_cost = 5000
    score_factor = 0.01
    sync_rate = 0
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  service = {
    id = konnect_gateway_service.my_service.id
  }
}

Copied!

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: graphql-rate-limiting-advanced
    route: routeName|Id
    config:
      limit:
      - 100
      window_size:
      - 60
      window_type: fixed
      cost_strategy: node_quantifier
      max_cost: 5000
      score_factor: 0.01
      sync_rate: 0

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
controlPlaneId: The id of the control plane.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
routeId: The id of the route the plugin configuration will target.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: graphql-rate-limiting-advanced
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
config:
  limit:
  - 100
  window_size:
  - 60
  window_type: fixed
  cost_strategy: node_quantifier
  max_cost: 5000
  score_factor: 0.01
  sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -

Copied!

Next, apply the KongPlugin resource by annotating the httproute or ingress resource:

kubectl annotate -n kong httproute  konghq.com/plugins=graphql-rate-limiting-advanced

Copied!

kubectl annotate -n kong ingress  konghq.com/plugins=graphql-rate-limiting-advanced

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
  enabled = true

  config = {
    limit = [100]
    window_size = [60]
    window_type = "fixed"
    cost_strategy = "node_quantifier"
    max_cost = 5000
    score_factor = 0.01
    sync_rate = 0
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  route = {
    id = konnect_gateway_route.my_route.id
  }
}

Copied!

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: graphql-rate-limiting-advanced
    consumer: consumerName|Id
    config:
      limit:
      - 100
      window_size:
      - 60
      window_type: fixed
      cost_strategy: node_quantifier
      max_cost: 5000
      score_factor: 0.01
      sync_rate: 0

Make sure to replace the following placeholders with your own values:

consumerName|Id: The id or name of the consumer the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

consumerName|Id: The id or name of the consumer the plugin configuration will target.

Make the following request:

curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumers/{consumerId}/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "graphql-rate-limiting-advanced",
      "config": {
        "limit": [
          100
        ],
        "window_size": [
          60
        ],
        "window_type": "fixed",
        "cost_strategy": "node_quantifier",
        "max_cost": 5000,
        "score_factor": 0.01,
        "sync_rate": 0
      },
      "tags": []
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
controlPlaneId: The id of the control plane.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
consumerId: The id of the consumer the plugin configuration will target.

See the Konnect API reference to learn about region-specific URLs and personal access tokens.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: graphql-rate-limiting-advanced
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/tags: ''
config:
  limit:
  - 100
  window_size:
  - 60
  window_type: fixed
  cost_strategy: node_quantifier
  max_cost: 5000
  score_factor: 0.01
  sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -

Copied!

Next, apply the KongPlugin resource by annotating the KongConsumer resource:

kubectl annotate -n kong  CONSUMER_NAME konghq.com/plugins=graphql-rate-limiting-advanced

Copied!

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
  enabled = true

  config = {
    limit = [100]
    window_size = [60]
    window_type = "fixed"
    cost_strategy = "node_quantifier"
    max_cost = 5000
    score_factor = 0.01
    sync_rate = 0
  }
  tags = []

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  consumer = {
    id = konnect_gateway_consumer.my_consumer.id
  }
}

Copied!

GraphQL Rate Limiting Advanced

Modify costs by score factorv1.3+

Prerequisites

Set up the plugin

Help us make these docs great!

Still need help