Expand my Community achievements bar.

Nomination window for the Adobe Community Advisor Program, Class of 2025, is now open!
Apply now!
SOLVED

GraphQL security & scalable way in AEM?

Avatar

Level 7
Level 7
12/29/22 3:44:36 PM

I understand whenever someone is making a GraphQL query request to AEM, the publishers will be hit with some load time. What happens if someone decides to spam the GraphQL query request?

 

is there a secure way to safeguard the GraphQL query request from being spammed?

How about caching? How does AEM cache GraphQL query requests?

Views

673

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 4
Level 4
12/29/22 9:24:33 PM

Hi @SupportMember ,

 

Yes, you can safeguard your graphQL queries by implementing the following:

  1. Rate Limiting: You can use rate limiting to limit the number of GraphQL query requests that can be made to your AEM instance within a certain timeframe.
  2. Throttling: You can use throttling to limit the number of GraphQL query requests that can be made concurrently to your AEM instance
  3. Captcha(For Bot protection only): You can use a Captcha to verify that the request is being made by a human, rather than a bot. 

You can also go for persisted graphQL option if you want to cache the query results.A persisted query is a GraphQL query that has been stored in a server-side cache. This allows clients to send an ID in place of the full query text, reducing the amount of data sent over the network and potentially improving performance. You can find more about it here - https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/g...

 

Thanks,

Monendra

View solution in original post

Views

652

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Level 4
Level 4
12/29/22 9:24:33 PM

Hi @SupportMember ,

 

Yes, you can safeguard your graphQL queries by implementing the following:

  1. Rate Limiting: You can use rate limiting to limit the number of GraphQL query requests that can be made to your AEM instance within a certain timeframe.
  2. Throttling: You can use throttling to limit the number of GraphQL query requests that can be made concurrently to your AEM instance
  3. Captcha(For Bot protection only): You can use a Captcha to verify that the request is being made by a human, rather than a bot. 

You can also go for persisted graphQL option if you want to cache the query results.A persisted query is a GraphQL query that has been stored in a server-side cache. This allows clients to send an ID in place of the full query text, reducing the amount of data sent over the network and potentially improving performance. You can find more about it here - https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/g...

 

Thanks,

Monendra

Views

653

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to create different thumbnail renditions for PDF in AEM DAM ? Solved

Views

151

Likes

0

Replies

2
How to Add Gradient Color Selection to the OOTB Colour Picker in AEM Cloud Solved

Views

129

Likes

0

Replies

2
Modification of core functionality of multifield in dialog. Solved

Views

108

Likes

0

Replies

3
Localhost AEM throws error: Use 'service.ranking:Integer' as the key

Views

34

Likes

0

Replies

1
AEM CLoud GraphQL Filter using string array

Views

150

Likes

0

Replies

6