[arpinum]

Squidex is MIT license and has reasonable pricing for their cloud offering, also has graphQL support and more feature rich.

[nuffz]

Last time I tried squidex the GraphQL APIs weren’t working. I think they are also removing support for their immature GraphQL mutations.

[everdev]

I'm not a fan of pricing with operation limits. 100k API calls per month? What happens in a DoS situation? If it's self-hosted I can blacklist and keep the app running for other users. For a surge in traffic, I can spin up other containers and scale. With managed hosting, my bill can go through the roof, or the the entire app gets shut down.

[ltrcola]

Ideally, a spike in traffic to your site shouldn't result in taking down your CMS. That's why static site generators are so popular.

[everdev]

Exactly, but many of these 3rd party services charge per API request, which can either shut down your service or spike your bill during heavy traffic.

[ltrcola]

Not sure if I communicated what I meant. I think if I was going to set up something using a headless CMS, I would integrate it with a project like React Static. When a user publishes something in the CMS, it would trigger a build of the generator that would result in putting some files out in S3 or something equivalent.

That way if you see a traffic spike or a DDoS attack, it's directed only towards static files on S3 and you can let Amazon take care of it. I don't want to be too critical of how people have things set up because I'm sure they have their reasons, but that said I don't think a page request on your site should map directly to an API request to the CMS.