Skip to main content
Version: v2.x

Metadata API Reference: API Limits

Available on: Cloud Free, Cloud Professional, Cloud Enterprise, Self-Hosted Enterprise

Introduction

Here's the API to manage API Limits related metadata.

set_api_limits

You can configure api limits using the set_api_limits API.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "set_api_limits",
    "args": {
        "disabled": false,
        "depth_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "node_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "time_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "batch_limit": {
            "global": 5,
            "per_role": {
                "myrole": 3
            }
        },
        "rate_limit": {
            "global": {
                "unique_params": "IP",
                "max_reqs_per_min": 100
            },
            "per_role": {
                "myrole": {
                    "unique_params": ["x-hasura-id", "x-hasura-team-id"],
                    "max_reqs_per_min": 10
                }
            }
        }
    }
}

Args syntax

KeyRequiredSchemaDescription
disabledfalsebooleanDefault value is false (Limits are enabled by default)
depth_limitfalseAPILimitOptionRestriction based on its depth, preventing deeply nested queries
node_limitfalseAPILimitOptionRestriction based on the number of nodes in GraphQL operation response
time_limitfalseAPILimitOptionRestricts the time that a GraphQL operation is allowed to take. The duration is specified in seconds
batch_limitfalseAPILimitOptionRestricts the number of GraphQL operations in a batched request
rate_limitfalseRateLimitOptionRestricts number of GraphQL operations per minute

In the above metadata spec:

  1. The API Limits are enabled by default, i.e the default value of disabled is false
  2. When disabled is false and none of the API Limits are set then no API limits are applied.
  3. The global field in all the API Limits is mandatory, and is used as the default API limit if no per_role option is set for the user.
  4. The per_role can be used to override the global API Limit value
  5. For rate_limit if no unique_params are provided then, the requests will be rate-limited on the role_name i.e the X-HASURA-ROLE that is used to issue the request
Note

The API will throw a warning if the configured time_limit is greater than the Cloud time limit. The Cloud time limit will be used in such cases.

remove_api_limits

You can remove all the api limits that have been set using remove_api_limit API.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "remove_api_limits"
    "args": {}
}
Loading...