by michaelghayes 1674 days ago
One popular option is to have a query whitelist, with arbitrary queries allowed either through special permissions, or just in development. Setting up CI steps to auto-publish any queries used by your apps is usually pretty straightforward. This obviously only works for non-public APIs.

Another common pattern is to have a way to calculate query complexity, where each field has some cost, and some multiplier for list fields, so you can calculate an approximate complexity before executing a query.
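The complexity calculation described in the comment above, as an added example that is not part of the original post: a dependency-free estimator that charges each field a cost and multiplies the cost of a list field's children by its requested size. The cost table, the list field names, the `first` argument and the default list size are assumptions for illustration; the parser is deliberately narrow (fields, aliases, arguments), rejects fragments instead of guessing their cost, and treats a `first` supplied through a variable as the default size.

```javascript
// Added example. The cost table, list fields and "first" page-size argument
// are assumptions for illustration, not taken from any real schema.
const FIELD_COST = new Map([["search", 5]]);   // hypothetical expensive field
const DEFAULT_COST = 1;
const LIST_FIELDS = new Set(["users", "posts", "comments"]);
const DEFAULT_LIST_SIZE = 20;                  // assumed size when "first" is absent

function tokenize(query) {
  // String literals are replaced first so braces inside them are not parsed.
  const noStrings = query.replace(/"(?:[^"\\]|\\.)*"/g, " 0 ");
  return noStrings.match(/[A-Za-z_]\w*|\d+|\.\.\.|[{}():]/g) || [];
}

function estimateCost(query) {
  const tokens = tokenize(query);
  let pos = 0;
  const next = () => {
    if (pos >= tokens.length) throw new SyntaxError("unexpected end of query");
    return tokens[pos++];
  };
  const selectionSet = () => {
    if (next() !== "{") throw new SyntaxError("expected '{'");
    let total = 0;
    while (tokens[pos] !== "}") {
      let name = next();
      if (tokens[pos] === ":") { pos++; name = next(); }  // alias: real field follows
      // Fragments ("...") are rejected rather than silently undercounted.
      if (!/^[A-Za-z_]/.test(name)) throw new SyntaxError(`unsupported token ${name}`);
      let first = null;
      if (tokens[pos] === "(") {
        for (pos++; tokens[pos] !== ")";) {
          const arg = next();
          if (arg === "first" && tokens[pos] === ":" && /^\d+$/.test(tokens[pos + 1])) first = Number(tokens[pos + 1]);
        }
        pos++;
      }
      const children = tokens[pos] === "{" ? selectionSet() : 0;
      const multiplier = LIST_FIELDS.has(name) ? (first ?? DEFAULT_LIST_SIZE) : 1;
      total += (FIELD_COST.get(name) ?? DEFAULT_COST) + multiplier * children;
    }
    pos++;
    return total;
  };
  while (pos < tokens.length && tokens[pos] !== "{") pos++;  // skip "query Name(...)"
  return selectionSet();
}

// Gate to call before execution: reject when the estimate exceeds the budget.
const checkQuery = (query, maxCost) => { const cost = estimateCost(query); return { cost, allowed: cost <= maxCost }; };
```

With these assumed costs, `{ users(first: 10) { name posts(first: 5) { title comments { body } } } }` is estimated at 1121, so a budget of 1000 rejects it before any resolver runs.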