@ -1462,7 +1462,8 @@ This would have numerous benefits:
- some would argue this is less complex than designing a custom API.
This would have the following drawbacks:
- easy to design slow performing queries. Denial of Service risk, mitigated via strong rate limits (see [Github v4 API](https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api),
- easy to design slow performing queries which work well for small accounts but degrade on large accounts,
- Denial of Service risk, mitigated via strong rate limits (see [Github v4 API](https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api)),
- higher bandwidth costs than a custom API (both for requests and responses),
- easier to accidentally expose confidential information by not applying sufficient authentication checks,
- some would argue this is more complex than designing a custom API,