Performance and Over/Under-Fetching Tests

πŸ“š QA Engineering πŸ“‚ Chapter 23: GraphQL API Testing πŸ“„ Lesson 23040 Advanced πŸ•’ March 17, 2026
πŸ“‹ Table of Contents β–Ύ
  1. Over-Fetching, Under-Fetching, and Query Cost
  2. Designing Performance-Oriented GraphQL Tests
  3. Common Mistakes

GraphQL’s flexibility can impact performance and resource usage in ways that differ from REST. Clients can accidentally or deliberately construct queries that over-fetch data, deeply nest relationships, or under-fetch and require many small follow-up queries. Testing for these patterns helps teams keep GraphQL APIs efficient and robust.

Over-Fetching, Under-Fetching, and Query Cost

Over-fetching happens when queries request far more fields or nested relationships than needed, increasing payload size and backend work. Under-fetching occurs when queries are too narrow, forcing multiple round trips to gather related data. Many teams introduce query cost analysis or depth limits to detect and control expensive queries.

# Example of a potentially expensive query

query DeepCustomerGraph($id: ID!) {
  customer(id: $id) {
    id
    name
    orders {
      id
      total
      items {
        id
        product {
          id
          name
          reviews {
            id
            rating
            comment
          }
        }
      }
    }
  }
}
Note: Not all deep queries are bad, but they should be justified by real use cases and tested for acceptable latency and resource consumption.
Tip: Work with developers to understand any query cost metrics or depth limits implemented on the server, and design tests that exercise both typical and boundary queries.
Warning: Unrestricted GraphQL endpoints can be abused with extremely deep or repetitive queries that act like denial-of-service attacks. Performance tests should explore these risks within safe limits.

Performance testing of GraphQL APIs can reuse many concepts from REST performance testing, such as measuring latency, throughput, and error rates under load. However, the mix of queries and their shapes matters more, because a few expensive queries can dominate resource usage.

Designing Performance-Oriented GraphQL Tests

Create representative query sets that mirror real client behaviour, including typical, heavy, and intentionally pathological queries. Measure response times and resource usage, and confirm that protections like timeouts, depth limits, and rate limiting behave as expected. Use these results to guide schema and resolver optimisations.

Common Mistakes

Mistake 1 β€” Testing performance only with trivial queries

This underestimates real-world load.

❌ Wrong: Load testing only a simple { ping } query.

βœ… Correct: Include complex, nested queries that resemble real usage.

Mistake 2 β€” Ignoring query complexity controls

Without limits, APIs may be vulnerable to expensive queries.

❌ Wrong: Never testing how the server handles deep or costly queries.

βœ… Correct: Design tests that approach or exceed configured limits and verify safe behaviour.

🧠 Test Yourself

What should performance-focused GraphQL tests consider?





πŸ“š More in this Tutorial Series

What Is Software Testing? Purpose, Goals and Why It Matters
The Seven Principles of Software Testing β€” ISTQB Foundation
Testing Mindset and Psychology β€” Thinking Like a Tester
Essential Testing Terminology β€” A Practical Glossary for QA Engineers
Testing in Practice β€” Putting Fundamentals to Work on a Real Project
What Is the Software Development Life Cycle (SDLC)? Phases and Purpose