ContextQMD
Back to Graphql Engine

Metadata API Reference: API Limits

docs/docs/api-reference/metadata-api/api-limits.mdx

2.49.24.0 KB
Original Source

import ProductBadge from '@site/src/components/ProductBadge';

Metadata API Reference: API Limits

<ProductBadge free pro ee self />

Introduction

Here's the API to manage API Limits related metadata.

set_api_limits {#metadata-set-api-limits}

You can configure api limits using the set_api_limits API.

http
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "set_api_limits",
    "args": {
        "disabled": false,
        "depth_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "node_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "time_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "batch_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "rate_limit": {
            "global": {
                "unique_params": "IP",
                "max_reqs_per_min": 100
            },
            "per_role": {
                "myrole": {
                    "unique_params": ["x-hasura-id", "x-hasura-team-id"],
                    "max_reqs_per_min": 10
                }
            }
        }
    }
}

Args syntax {#set-api-limits-syntax}

KeyRequiredSchemaDescription
disabledfalsebooleanDefault value is false (Limits are enabled by default)
depth_limitfalseAPILimitOptionRestriction based on its depth, preventing deeply nested queries
node_limitfalseAPILimitOptionRestriction based on the number of nodes in GraphQL operation response
time_limitfalseAPILimitOptionRestricts the time that a GraphQL operation is allowed to take. The duration is specified in seconds
batch_limitfalseAPILimitOptionRestricts the number of GraphQL operations in a batched request
rate_limitfalseRateLimitOptionRestricts number of GraphQL operations per minute

In the above metadata spec:

  1. The API Limits are enabled by default, i.e the default value of disabled is false
  2. When disabled is false and none of the API Limits are set then no API limits are applied.
  3. The global field in all the API Limits is mandatory, and is used as the default API limit if no per_role option is set for the user.
  4. The per_role can be used to override the global API Limit value
  5. For rate_limit if no unique_params are provided then, the requests will be rate-limited on the role_name i.e the X-HASURA-ROLE that is used to issue the request

:::info Note

The API will throw a warning if the configured time_limit is greater than the Cloud time limit. The Cloud time limit will be used in such cases.

:::

remove_api_limits {#metadata-remove-api-limits}

You can remove all the api limits that have been set using remove_api_limit API.

http
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "remove_api_limits"
    "args": {}
}