{"type":"video","version":"1.0","html":"<iframe src=\"https://www.loom.com/embed/d8cad282221149a28ffd3710629c421e\" frameborder=\"0\" width=\"1470\" height=\"1102\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>","height":1102,"width":1470,"provider_name":"Loom","provider_url":"https://www.loom.com","thumbnail_height":1102,"thumbnail_width":1470,"thumbnail_url":"https://cdn.loom.com/sessions/thumbnails/d8cad282221149a28ffd3710629c421e-baa5733afe05da30.gif","duration":209.08,"title":"Rate Limiting GraphQL Operations with Zuplo","description":"In this Loom, I walk through a GraphQL use case where it is hard to match at the CDN layer because the operation is inside the GraphQL POST body. Using Zuplo with TypeScript programmability, I parse the request body, extract the operation name, and apply different rate control thresholds per operation. I show user login at 10 requests per minute and get pricing at 20 requests per minute, without opening a gaping hole by rate limiting the entire GraphQL endpoint. I also note you need to forward the true client IP header through Akamai to build the correct rate key. No action is explicitly requested, but feel free to reach out with questions."}