A principled approach to GraphQL query cost analysis

  • Alan Cha, Erik Wittern, Guillaume Baudart, James C. Davis, Louis Mandel, Jim Laredo
  • Published 11 September 2020
  • Computer Science
  • Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
The landscape of web APIs is evolving to meet new client requirements and to facilitate how providers fulfill them. A recent web API model is GraphQL, which is both a query language and a runtime. Using GraphQL, client queries express the data they want to retrieve or mutate, and servers respond with exactly those data or changes. GraphQL’s expressiveness is risky for service providers because clients can succinctly request stupendous amounts of data, and responding to overly complex queries… 

Learning GraphQL Query Costs
GraphQL is a query language for APIs and a runtime for executing those queries, fetching the requested data from existing microservices, REST APIs, databases, or other sources. Its expressiveness and
Evaluating GraphQL and REST API Services Performance in a Massive and Intensive Accessible Information System
This paper proposes a new research methodology to evaluate the performance of REST and GraphQL API services with two main ideas as novelties, and shows GraphQL is the right choice when data requirements change frequently, and resource utilization is the most important consideration.
Harvesting Production GraphQL Queries to Detect Schema Faults
A new testing approach based on GraphQL queries that are logged while users interact with an application in production, and it is shown that production queries capture real usages of the application, and are known to trigger behavior that may not be tested by developers.


Result size calculation for Facebook's GraphQL query language
  • 2018
API Connect is making GraphQL safer for the enterprise
  • 2020
4Catalyzer/graphql-validation-complexity: Query complexity validation for GraphQL
  • GraphQL query complexity analysis and validation for graphql-js
  • 2019
An Empirical Study of GraphQL Schemas
It is reported that a majority of GraphQL APIs are susceptible to denial of service through complex queries, posing real security risks previously discussed only in theory.
GitHub - GraphQL API v4
  • GitHub - GraphQL Example Queries
  • 2019
GraphQL Docs: The Query and Mutation types
  • GraphQL Docs: Introspection
  • 2019
GraphiQL - An in-browser IDE for exploring GraphQL
  • 2019