We've just added Rate Limiting for your GraphQL API. We are excited to announce the Beta release of our latest feature. With Rate Limiting we want to help you to protect your GraphQL API from bots, hackers, and SLA violations by rate limiting specific GraphQL operations. 

Through our conversations with hundreds of companies using GraphQL in production, we’ve learned about some common pain points:

1. Bots spamming their addToCart mutation whenever they drop new limited edition products
2. Hackers sending lots of requests to the login mutation, trying to crack their users’ passwords
3. Consumers exceeding SLAs they’ve signed that limit the number of times they can request certain data

The solution for all of these is to rate limit the number of calls any single consumer can make. For example, only allowing two login or addToCart mutations from a single actor every ten seconds. 

Check out the docs and learn how to use Rate Limiting to protect your GraphQL API. While still in Beta, keep an eye on the limitations.

Join the channel #rate-limiting for feedback and support on our Discord server!