
SOLVED

GraphQL security & scalable way in AEM?

I understand whenever someone is making a GraphQL query request to AEM, the publishers will be hit with some load time. What happens if someone decides to spam the GraphQL query request?

 

Is there a secure way to safeguard the GraphQL query request from being spammed?

How about caching? How does AEM cache GraphQL query requests?

1 Accepted Solution


Hi @AEMWizard ,

 

Yes, you can safeguard your GraphQL queries by implementing the following:

  1. Rate Limiting: You can use rate limiting to limit the number of GraphQL query requests that can be made to your AEM instance within a certain timeframe.
  2. Throttling: You can use throttling to limit the number of GraphQL query requests that can be made concurrently to your AEM instance.
  3. CAPTCHA (for bot protection only): You can use a CAPTCHA to verify that the request is being made by a human, rather than a bot.

You can also go for the persisted GraphQL option if you want to cache the query results. A persisted query is a GraphQL query that has been stored in a server-side cache. This allows clients to send an ID in place of the full query text, reducing the amount of data sent over the network and potentially improving performance. You can find more about it here - https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/g...

 

Thanks,

Monendra
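
How the controls named in the answer above differ in practice, as an added example that is not part of the original post and not an AEM API: the hypothetical `GraphQLGate` class refuses anything that is not a persisted query ID, applies a per-client limit per time window (rate limiting), and caps requests running at once (throttling). Refusing ad-hoc queries outright, the status codes, the client names and the query ID `site/articles` are assumptions made for the example.

```python
import threading
import time
from collections import defaultdict, deque

class GraphQLGate:
    """Hypothetical admission gate for a GraphQL endpoint (not an AEM API)."""
    def __init__(self, ids, per_window, window_s, concurrent, clock=time.monotonic):
        self.ids = frozenset(ids)  # IDs of persisted (server-stored) queries
        self.per_window, self.window_s = per_window, window_s
        self.concurrent, self.clock = concurrent, clock
        self.hits = defaultdict(deque)  # client -> times of admitted requests
        self.in_flight = 0
        self.lock = threading.Lock()

    def admit(self, client, query_id):
        """Return an HTTP-style status; after 200 the caller must call release()."""
        with self.lock:
            if query_id not in self.ids:
                return 403  # only stored queries run; ad-hoc query text is refused
            now = self.clock()
            window = self.hits[client]
            while window and now - window[0] >= self.window_s:
                window.popleft()  # forget requests older than the window
            if len(window) >= self.per_window:
                return 429  # rate limit: too many requests in the timeframe
            if self.in_flight >= self.concurrent:
                return 503  # throttle: too many requests running at once
            window.append(now)
            self.in_flight += 1
            return 200

    def release(self):
        with self.lock:
            self.in_flight -= 1

def demo():  # constructed traffic on a fake clock; returns the statuses in order
    t = [0.0]
    gate = GraphQLGate({"site/articles"}, 3, 10, 2, clock=lambda: t[0])
    out = [gate.admit("client-a", "adhoc"),          # unknown ID
           gate.admit("client-a", "site/articles"),
           gate.admit("client-b", "site/articles"),
           gate.admit("client-c", "site/articles")]  # third concurrent request
    gate.release(); gate.release()                   # the two admitted requests finish
    for _ in range(3):                               # client-a already has one hit
        out.append(gate.admit("client-a", "site/articles"))
        if out[-1] == 200:
            gate.release()
    t[0] = 10.0                                      # the 10-second window has elapsed
    out.append(gate.admit("client-a", "site/articles"))
    return out
```
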
