Graphql Headers and Complexity Rate Limits

I have 2 questions here related to GraphQL Content Delivery API:

  1. Referral Header: In a prior thread on this forum, you suggested to add a referrer header track where the API calls were coming from. What is the format of the header so Dato can track it? I don’t see it anywhere in the docs. We added X-Referrer, but that doesn’t do anything. Can you provide some type of example?

  2. Complexity Limit: I was shocked to learn today after perusing thru the docs that there is some new and nearly impossible to understand rate limit based on complexity that will go live on June 13. Honestly, the calculation for complexity is impossible to understand and we have no idea how this will effect us. Unless I am missing something, running a query in the CDA playground doesn’t appear to provide any data whatsoever on complexity, so how do you expect anyone to understand the complexity of a query? Is the complexity a one-time calculation or is it a running total? When is the complexity error triggered? It’s not at all clear. Why can’t you add this to the CDA? Also, your docs say: “Take a look at the “Plan and usage” section of your project in the Account dashboard to understand which is your complexity limit.” We have no such thing about complexity in our dashboard. Please provide more help with this complexity. I don’t even understand the point of it anyway actually. Nobody calcuclates Graphql queries this way and there should be easier ways to control requests on your end without making this a total black box.

I’d also mention that GraphlQl requests do not return any such headers as X-Complexity or X-Max-Complexity as your docs suggest. We only get back our data, and never see such headers in any response.

1 Like

In my case answering these questions is pressing since I’ve been notified one of our queries is way above the limit, so I only have a few days to figure this out …

my questions are:

  • is the limit cumulative and on what basis (monthly? unclear)
  • when will the UI bits mentioned in documentation arrive? (plan complexity limit, project complexity usage)
  • can you provide an example of using a header to track api calls (to make it easier to track down the problematic queries)?

By the way, in our experience we do get X-Complexity and X-Max-Complexity headers back from a content delivery api query, those do exist

Yeah, we figured out how to get the headers back by just running an API call in postman. But, in an actual repo (using NextJs) this is doable, but a pain, as you are generally just getting the data results. Anyway, hopefully they can actually provide some better tools for complexity, b/c right now it’s basically a black box. They should have something in the CDA explorer/playground which tells you your score as you write/test queries. I just put in a feature request for this. Please vote for it, if you can. Add Complexity Score in CDA Playground Page

Be glad to

So to preempt the people at Dato’s response to us a little bit, one thing both you and I can do is to cache the result of expensive queries; we’ve already compiled a list of complexity scores, so now we can set about caching them on some frequency that makes sense for our use cases. Hopefully that’s something you can do as well

Honestly, my plan is similar, I’ll probably just run a query from Dato, and store data in Cloudflare KV and read it from there. I’m growing really tired of all these vendors adding API limits for no real reason and breaking stuff. KV is very cheap and seems to work well. I think Dato already caches at Cloudflare b/c their headers include a reference to Cloudflare? I’m curious actually how Dato is caching these queries and as they are, why does complexity even matter?

I don’t begrudge the idea of a complexity limit, it’s a sensible idea (if you ran an API, you would be interested in rate-limiting it, and if you ran some GQL resolver you’d rather it wasn’t unresponsive through overuse).

But I think 1. the announcement could have used a few more details and 2. if you say some UI exists, it should exist, or the fact that it doesn’t should be explained.

I use KV as a cache myself for some things – you could set Cloudflare to cache the result of that query instead and that’s what Cloudflare recommends, but in my case I went with KV and yeah it does work for that purpose.

Hello @osseonews and @chowells

Reading the thread it seems like the complexity header issue was solved.
Regarding the complexity score in the CDA Explorer, its something we are working on implementing at the moment

And one thing that seem to be miss understood from the docs, and we’ll update it to clear this up:
The complexity is not in any way cumulative or added from request to request, it is just a limit of how much complexity a single request can have. That is, if a single request to dato has a way to long, or way too computationally complex query (that is, if that specific request has a X-Complexity higher than the X-Max-Complexity it would have to be split into less complex requests)
This is not affected in anyway by the times a request is made, or is not attached to how many requests are made to Dato. As long as all requests are below the X-Max-Complexity, you can make as many requests as you’d like to Dato, and the complexity won’t “add up”. If an individual request has a complexity score above the X-Max-Complexity, it will start returning an error from the 12th, and it will have to be broken down into less complex requests

So adding a cache solution will not interfere in anyway the complexity of a call.

In my case I have a limit of 10000000 (10M), and a ‘max usage logged’ of 81802859116 (which I assume is for the plan, even though these numbers were reported to me in the context of a project).

So you’re saying there’s some query we’re running with a complexity score of 81B+?

In our testing we haven’t found any query beyond 5K, so I’m not sure how to interpret what you’re saying, unless we’re missing some astronomically-expensive query.

@chowells can you send us the project URL and ID to us at so we can take a look at this max usage logged?

No problem, just sent with a subject of ‘GraphQL complexity question via Community’

Is there any way to get a warning about complexity or something? We can’t figure this thing out at all, despite spending a ton of time on it. It’s very opaque. We literally have no idea if our graphql queries will function normally or not. Can’t you have something in the dashboard that notifies a user when a specific query is rejected or not? Just throwing it back at us to tell us to look at the headers when they are returned is not really viable. Am I missing something or is there no log for the CDA queries anywhere to see what was sent, rejected etc?

1 Like

@osseonews if you emit, or have ever emitted in the past a query with a complexity score higher than the limit you will receive an email indicating that to you, if you haven’t received any emails warning you, then all of your queries are under the limit and you have nothing to worry about.

@m.finamor Thank you! That is exactly what I needed to know. BTW, you should put that in the docs. Would have at least saved us hours of work, if we knew that we would get an email for complexity limits.

Hey @osseonews, about your question:

you should add the standard HTTP referer header: Referer - HTTP | MDN

Instead about the complexity limit, it’s not something we are introducing that it wasn’t there before. We have changed the complexity algorithm as the one before wasn’t accurate enough. So it shouldn’t come as a surprise, the limit is actually higher than before in many contexts, while it might be lower in others, but on average it should be higher.

Your suggestions to make it easier to read are taken, we’ll try to add it to the API Playground it makes sense to have there. Thank you for the suggestion!