Production readiness checklist
Use this checklist to identify potential gaps before your graph handles production traffic
We recommend that you read through this checklist and identify critical features for your team before your supergraph begins handling production traffic.
GraphOS Studio
- Ensure that you've created multiple variantsto represent the different environments where your supergraph runs (for example, production, staging, and development).
- Protect your production variantto avoid accidental changes while working in Studio.
Apollo Router
- Ensure that you've correctly configured managed federationandGraphOS schema usage reporting.
- For security, turn off introspectionfor all production routers (by default the router disables introspection, but make sure you are not using
--devmode).- You can continue to view and fetch your GraphQL schemas from GraphOS and run operations from GraphOS Studio Explorer.
- You can continue to view and fetch your GraphQL schemas from GraphOS and run operations from
- Configure the router traffic shapingfeatures:
- Set request and subgraph level timeouts and rate limits
- Deduplicate subgraph requests
- Communicate with subgraphs using APQ
- Enable operation limitsto block large and malicious requests
- Configure additional tracing, metrics, and loggingthrough OpenTelemetry or Prometheus
- Enable the operation and query plan distributed cache
- Optionally, enable any other featuresdeemed critical for your deployment of Apollo Router
Subgraphs/servers
- For security, turn off introspectionfor all production GraphQL subgraphs.
- You can continue to view and fetch your GraphQL schemas from GraphOS and run operations from GraphOS Studio Explorer.
- You can continue to view and fetch your GraphQL schemas from GraphOS and run operations from
- Ensure that you've integrated and
rover subgraph checkinto your CI/CD pipeline.rover subgraph publish - If your subgraph servers are listed as compatible with, ensure that you've enabled
FEDERATED TRACINGfederated traces, and that you can view operation metrics as expected in Apollo Studio.- Enable fractional trace sampling viato reduce performance hits due to tracing.
fieldLevelInstrumentation
- Enable
- Ensure that you've load-tested your graph.
- Test loads should be representative of your current traffic (both in terms of volume and in terms of the actual operations you execute in the test).
- To investigate performance issues, use Apollo Studio to identify which operations are performing slowly.
- Look at resolver execution times to identify slow areas of execution.
- Whenever possible, avoid making multiple calls to data sources within a single resolver.
- Understand query plan executionto help understand slow operations and optimize your supergraph to avoid them.
- Consider adding caching layers.
- Apollo Server supports automatic persisted queries (APQ)out of the box.
- If using Apollo Server, ensure that you use a distributed caching systemfor APQ in production to avoid cache inconsistency across server instances.
- Optionally use the to enable your CDN to cache APQ GET requests using the
@cacheControldirectiveCache-Controlheader.
- If using Apollo Server, ensure that you use a
- Optionally add full response cachingto improve performance.
- Apollo Server supports
Clients
- Ensure that your clients identify themselvesby name and version.
- If you're using an Apollo Client library, you can add a client name and version to the constructor.
- For example, the React client uses thein the constructor options.
nameandversionattributes - If you're using a third-party GraphQL client, set the
apollographql-client-nameandapollographql-client-versionHTTP headers for each request to identify your client. - For an example of enforcing client identification in your gateway, see this tech note for Client ID enforcement.
- Consider adding caching layers.
- Enable Persisted Queries and/or Automatic Persisted Queries (APQ)support for request-size savings.
- Enable and configure the client side normalized cache
- Enable