GraphQL Cost Estimator — Analyze Query Complexity and Depth
Assign custom field weights to a GraphQL schema and calculate the total query complexity score. Paste any GraphQL query, configure per-field costs, and get a per-field breakdown table showing depth, multipliers, and cumulative cost.
How to Use GraphQL Cost Estimator — Analyze Query Complexity and Depth
How to Use the GraphQL Query Cost Estimator:
Paste your GraphQL query: Enter any valid GraphQL query into the Query textarea on the left. The tool supports shorthand queries, named queries, mutations, aliases, fragments, inline fragments, and nested selection sets. Use the example buttons (Simple Query, Nested + Args, Social Graph) to load ready-made queries and see how the tool works.
Load a field weight preset: Click one of the three preset buttons above the Field Weights table — REST-like API, Social Graph, or E-Commerce — to load a pre-configured weight table suited to your API type. Each preset includes typical field names and their recommended complexity costs. You can edit any value after loading a preset.
Configure field weights: The Field Weights table maps each field name to a numeric cost. Fields with weight 0 are free (leaf fields like id, name). Fields like users or products get higher weights because they trigger database queries or joins. Use the field name input to match the exact name as it appears in your GraphQL schema. Click Add Field to add more rows, or the trash icon to remove a row.
Set the default weight: The Default Weight controls the cost assigned to any field not explicitly listed in the table. Set it to 0 if you only want to score specific fields, or to a small positive number (like 1 or 2) to count every unspecified field toward the total.
Understand argument multipliers: If a field has a count-style argument — limit, first, last, count, pageSize, size, or take — the estimator multiplies that field's base weight by the argument value. For example, users(limit: 10) with a weight of 10 contributes 100 to the total score. This models the real cost of fetching large result sets.
Click Calculate Cost: Press the Calculate Cost button to parse the query and compute the total complexity score. The tool builds a recursive AST from your query, resolves aliases and inline fragments, and walks the full field tree.
Read the total score and rating: The large score card shows the total complexity number along with a rating — Low (≤50), Medium (≤200), High (≤500), or Very High (>500). Use these thresholds as starting points and adjust them to match your API's capacity and rate limits.
Review the per-field breakdown table: The breakdown table shows every field in the query with its depth (indented visually), base weight, argument multiplier, and individual cost. Rows with high costs are easy to spot. Use this to identify which fields are driving the complexity and decide whether to reduce their weights, add caching, or impose argument limits.
Iterate on weights: Adjust field weights and re-run the calculation to find the right balance. You can set critical root fields (search, recommendations) much higher than scalar leaf fields. Fields that always return a single object (user, order) can have lower weights than list fields (products, posts) that scale with argument values.
Export or document thresholds: Copy the total score value to set a threshold in your GraphQL server middleware. Tools like graphql-cost-analysis, graphql-query-complexity, or GraphQL Shield use similar field-weight schemes. You can translate the weights and thresholds from this tool directly into your server configuration.
Common Use Cases:
- API rate limiting: Set a maximum complexity threshold (e.g., 500) and reject queries that exceed it
- Cost-aware caching: Prioritize caching for high-cost fields and queries
- Developer education: Show engineers which queries are expensive before they ship
- Security hardening: Prevent deeply nested or large-result queries from overloading your database
- Schema design reviews: Evaluate the cost implications of new field additions before release
- CI checks: Integrate complexity scoring into pull request checks for GraphQL schema changes
- Client SDK guidelines: Document complexity budgets so client teams know which queries to avoid
Tips and Best Practices:
- Start with a preset that matches your API type, then adjust individual field weights
- Set scalar leaf fields (id, name, email, createdAt) to 0 — they add no measurable database cost
- Give list-returning fields (users, posts, products) high base weights since they scale with result size
- Use argument multipliers for pagination — a field with limit=100 is 100× more expensive than limit=1
- A good starting threshold for a typical API is 200–500 total complexity points
- Treat the score as relative, not absolute — calibrate it against your real server performance
- Fields backed by full-text search or aggregation (search, analytics) should have the highest weights
- Nested list fields multiply — posts inside users inside feed compounds the cost exponentially
- Set up your production GraphQL server (Apollo, Yoga, Envelop) to enforce the same thresholds
- Re-run analysis after every schema change that adds new list fields or expensive resolvers
Frequently Asked Questions
Most Viewed Tools
Screen Size Converter — Diagonal Dimension Tool
Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.
Use Tool →DPI Calculator — Print Resolution Tool
Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.
Use Tool →TOTP Code Generator — 2FA Testing Tool
Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.
Use Tool →JSONL Formatter — Line-by-Line Validator
Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.
Use Tool →JSON to Zod — Schema Generator
Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.
Use Tool →TLS Cipher Suite Checker — Strength Analyzer
Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.
Use Tool →Password Entropy Calculator — Crack Time Estimator
Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.
Use Tool →Secret Scanner — API Key & Credential Detector
Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.
Use Tool →Related API & Backend Tools
GraphQL Subscription Builder — Generate WebSocket Payloads and Client Queries
Build GraphQL subscription query strings and generate WebSocket connection code snippets for Apollo Client, urql, and graphql-ws. Define your operation name, variables, and selection fields visually, then copy the ready-to-use code.
Use Tool →API Latency Budget Calculator — Plan Distributed System Performance
Set a P99 SLO latency target and distribute the budget across your upstream service dependencies. See remaining headroom, utilization percentage, a stacked allocation bar, and a per-service breakdown with optional P99 actual measurements.
Use Tool →REST Endpoint Documenter — Markdown Doc Generator
Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.
Use Tool →OpenAPI Spec Validator — Swagger Compliance Checker
Validate OpenAPI 2.0 (Swagger) and OpenAPI 3.0/3.1 specification files for compliance, missing required fields, unresolved $ref paths, and schema errors. Paste JSON or YAML or upload a file — errors and warnings are listed by path with severity levels and actionable fix suggestions. All validation runs entirely in your browser.
Use Tool →API Gateway Rate Limiting Calculator — Model RPS, Burst, and Token Buckets
Calculate token bucket size and refill rate from RPS targets for API gateway throttling. Enter your steady-state requests per second, burst multiplier, and average response time — the calculator outputs the bucket capacity, refill rate, per-minute and per-hour quotas, and concurrent connection estimate. Generates ready-to-paste throttling config for AWS API Gateway, Kong, and Nginx. Free and runs entirely in your browser.
Use Tool →AMQP Exchange Configuration Simulator — Map Routing Keys and Queue Bindings
Generate RabbitMQ channel declaration code for Node.js (amqplib) and Python (pika). Select an exchange type, configure durability and options, add queue bindings with routing keys, and instantly get production-ready assertExchange and bindQueue calls. Supports all four exchange types: direct, fanout, topic, and headers. Four presets cover the most common RabbitMQ patterns. Free and runs entirely in your browser.
Use Tool →HTTP Headers Generator — Auth & Security Builder
Generate common HTTP request headers for authentication, content-type, caching, and security. Toggle each category, configure values, and copy the output as raw key-value pairs, JSON, fetch(), cURL, or axios.
Use Tool →CORS Header Generator — Cross-Origin Config Tool
Build CORS configuration headers interactively for web servers and APIs. Set allowed origins, methods, request headers, credentials, and preflight cache duration — then copy the generated Access-Control headers or ready-to-paste code snippets for nginx, Express.js, Flask, and .NET.
Use Tool →Share Your Feedback
Help us improve this tool by sharing your experience