Limit query cost
Define a maximum cost applied to any query, regardless of whether or not the call is within the rate limits for a consumer.
By defining a max_cost on the upstream service, you ensure that no query will run with a cost higher than the set max_cost.
By default it’s set to 0, which means no limit.
Prerequisites
- You have an existing a GraphQL upstream service.
Set up the plugin
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: graphql-rate-limiting-advanced
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: graphql-rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
enabled = true
config = {
limit = [100]
window_size = [60]
window_type = "fixed"
cost_strategy = "node_quantifier"
max_cost = 5000
sync_rate = 0
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: graphql-rate-limiting-advanced
service: serviceName|Id
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: graphql-rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong SERVICE_NAME konghq.com/plugins=graphql-rate-limiting-advanced
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
enabled = true
config = {
limit = [100]
window_size = [60]
window_type = "fixed"
cost_strategy = "node_quantifier"
max_cost = 5000
sync_rate = 0
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: graphql-rate-limiting-advanced
route: routeName|Id
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: graphql-rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=graphql-rate-limiting-advanced
kubectl annotate -n kong ingress konghq.com/plugins=graphql-rate-limiting-advanced
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
enabled = true
config = {
limit = [100]
window_size = [60]
window_type = "fixed"
cost_strategy = "node_quantifier"
max_cost = 5000
sync_rate = 0
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: graphql-rate-limiting-advanced
consumer: consumerName|Id
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumers/{consumerId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "graphql-rate-limiting-advanced",
"config": {
"limit": [
100
],
"window_size": [
60
],
"window_type": "fixed",
"cost_strategy": "node_quantifier",
"max_cost": 5000,
"sync_rate": 0
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
consumerId: Theidof the consumer the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: graphql-rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
limit:
- 100
window_size:
- 60
window_type: fixed
cost_strategy: node_quantifier
max_cost: 5000
sync_rate: 0
plugin: graphql-rate-limiting-advanced
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the KongConsumer resource:
kubectl annotate -n kong CONSUMER_NAME konghq.com/plugins=graphql-rate-limiting-advanced
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_graphql_rate_limiting_advanced" "my_graphql_rate_limiting_advanced" {
enabled = true
config = {
limit = [100]
window_size = [60]
window_type = "fixed"
cost_strategy = "node_quantifier"
max_cost = 5000
sync_rate = 0
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer = {
id = konnect_gateway_consumer.my_consumer.id
}
}