JanusQL: a tool for performance and security metrics for GraphQL APIs.

Why JanusQL?

JanusQL is a product of necessity intended to make developers’ lives easier and their applications safer and more performant. GraphQL was released in 2015, and has exploded in popularity as an efficient and beautiful query language that offers an excellent alternative to traditional REST APIs. Yet, minimal options exist for performance testing and even fewer solutions are available for security testing. The team behind JanusQL, an OSLabs beta application, wanted to solve these problems by developing a solution that offers both.

What metrics do you offer for performance testing?

The first and most necessary metric for developers interested in maximizing their GraphQL performance is response time in milliseconds for a given query. Response time for GraphQL often lags a bit behind REST APIs, making this metric even more significant for developers. GraphQL’s speed downsides are a well-known fact that developers balance when choosing what technologies to implement. Often, request and response validation and support for partial responses outweigh the potential decrease in speed that is a necessary part of these additional functionalities. But being able to easily keep track of applicable speed metrics is critical in making that decision.

JanusQL offers an intuitive GUI for tracking performance and security of GraphQL API responses.
An intuitive GUI makes tracking GraphQL performance and security metrics easy.

The next metric JanusQL identified as critical was response time variation based on query load. This load test metric is easily folded into JanusQL’s GUI in the form of data visualizations that make it intuitive to see how response times vary based on request load. Load testing is based on 50 query blocks that provide excellent information on response time.

JanusQL provides metrics for query response overhead in kilobytes.

Another of the most critical performance issues that developers using GraphQL need to keep watch over is query framework overhead. JanusQL does this by providing the amount of memory used by a query response in kilobytes. Size of query responses can be a subtle yet significant contributor to performance. GraphQL does additional processing to resolve and validate every field in a response. Additionally, more processing is necessary to parse and validate the request itself. This overhead only gets more impactful as the size of the data being returned grows. This aspect of GraphQL leads us directly into the necessity for security testing.

Response time can be tracked per query and load testing is based on 50 query blocks.

How does JanusQL help with security?

Denial-of-service attacks (DoS attacks) are one of the main security vulnerabilities of GraphQL. API performance issues are typically caused by poorly implemented or malicious queries. Developers need to take care with how they implement rate limiting to avoid performance issues and to make DoS attacks limited in scope. JanusQL wanted to address this critical issue in an approachable way, choosing a simple pass/fail rating as well as offering suggestions for fixes to improperly configured rate limiting for nested queries. This feature is currently in Beta.

JanusQL offers security testing to determine if rate limiting is properly implemented in GraphQL to protect against potential malicious queries.
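
One way a server can enforce rate limiting that accounts for nested queries, shown as an added example that is not JanusQL's code: each query is charged its nesting depth against a per-client budget, and anything over a hard depth cap is rejected outright. The names `queryDepth` and `DepthBudgetLimiter`, the limits and the sample queries are all hypothetical.

```javascript
// Added example, not JanusQL code. Simplified scanner: a production server
// should measure depth on the parsed AST so fragment spreads are counted too.
function queryDepth(query) {
  let depth = 0, max = 0, parens = 0;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (c === '#') {                          // comment: skip to end of line
      while (i < query.length && query[i] !== '\n') i++;
    } else if (query.startsWith('"""', i)) {  // block string
      const end = query.indexOf('"""', i + 3);
      i = end === -1 ? query.length : end + 2;
    } else if (c === '"') {                   // string: skip, honouring escapes
      for (i++; i < query.length && query[i] !== '"'; i++) if (query[i] === '\\') i++;
    } else if (c === '(') parens++;           // braces inside arguments are
    else if (c === ')') parens--;             // input objects, not selections
    else if (parens === 0 && c === '{') max = Math.max(max, ++depth);
    else if (parens === 0 && c === '}' && --depth < 0) throw new Error('unbalanced braces');
  }
  if (depth !== 0) throw new Error('unbalanced braces');
  return max;
}

// Fixed-window limiter: a query costs its depth, so deeply nested queries
// exhaust a client's budget faster than flat ones.
class DepthBudgetLimiter {
  constructor({ maxDepth, budget, windowMs }) {
    Object.assign(this, { maxDepth, budget, windowMs, clients: new Map() });
  }
  check(clientId, query, now = Date.now()) {
    let depth;
    try { depth = queryDepth(query); } catch { return { allowed: false, reason: 'malformed' }; }
    if (depth > this.maxDepth) return { allowed: false, reason: 'too-deep', depth };
    let w = this.clients.get(clientId);
    if (!w || now - w.start >= this.windowMs) {
      w = { start: now, spent: 0 };           // start a fresh window
      this.clients.set(clientId, w);
    }
    if (w.spent + depth > this.budget) return { allowed: false, reason: 'rate-limited', depth };
    w.spent += depth;
    return { allowed: true, depth };
  }
}

// Constructed sample queries for illustration.
const SHALLOW = '{ users(filter: {name: "a}b"}) { id } }';
const DEEP = '{ a { b { c { d { e { f } } } } } }';
```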

Does JanusQL offer a history of user performance tests?

Yes! For each session, query and performance history is saved with Redis. The benefit of this is that users will have no need to duplicate tests. A user can initiate one test and all relevant metrics will be saved automatically for the duration of their session. Users can review those metrics for comparison across queries. This is one of the features we are most excited about! This feature is currently in Beta.

How do I use JanusQL?

If you would like to use JanusQL for your project, just head over to our GitHub to download it and follow the instructions.

Who built JanusQL?

JanusQL operates under tech accelerator OSLabs and is comprised of open source software engineers:

Adrian Inza-Cruz — @ainzacruz | LinkedIn

Kim Chiu — @kimchiuu | LinkedIn

Lucas Mobley — @lucasmobley | LinkedIn

Phillip Kekoa Bannister — @phillipkb | LinkedIn

Tammy Le — @letammy979 | LinkedIn

Read more about JanusQL.

Sign up for our mailing list.
