I have about 8 years of good experience working with Java.
After reading your project requirement, I have come across a few articles that would help you to do it.
I trust that you would still like to take my advice after getting the info you need.
You would have to use some Spring directives while making the connection to GraphQL to perform cost analysis, depth limitation and amount limitation.
You would not be able to do it just by plainly calling a GraphQL API.
Externally, you need to implement a load-balancer-based rate limiter to impose limits on how many times your service is called. This is how you can protect your service from DDoS.
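An added example, not part of the original post and not Spring or GraphQL library code: a plain-JDK pre-execution check for the depth and amount limits mentioned above. The limit values and the pagination argument names (`first`, `last`, `limit`) are assumptions; because it scans raw query text, it does not expand fragment spreads or see amounts passed as variables, which an AST-based check in the GraphQL library covers.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: pre-execution depth and amount limits for a GraphQL query string. */
public class QueryLimits {
    // Hypothetical limits; tune them to the schema being protected.
    static final int MAX_DEPTH = 5;
    static final int MAX_AMOUNT = 100;
    // Pagination argument names are an assumption; use the ones the schema defines.
    static final Pattern AMOUNT = Pattern.compile("\\b(first|last|limit)\\s*:\\s*(\\d+)");

    /** Deepest selection-set nesting, ignoring strings, comments and argument objects. */
    static int depth(String q) {
        int depth = 0, max = 0, parens = 0;
        for (int i = 0; i < q.length(); i++) {
            char c = q.charAt(i);
            if (c == '"') {                       // skip string literal, honouring escapes
                for (i++; i < q.length() && q.charAt(i) != '"'; i++)
                    if (q.charAt(i) == '\\') i++;
            } else if (c == '#') {                // skip comment to end of line
                while (i < q.length() && q.charAt(i) != '\n') i++;
            } else if (c == '(') parens++;
            else if (c == ')') parens--;
            else if (parens == 0 && c == '{') max = Math.max(max, ++depth);
            else if (parens == 0 && c == '}') depth--;
        }
        return max;
    }

    /** Returns null when the query is acceptable, otherwise the reason to reject it. */
    static String reject(String q) {
        int d = depth(q);
        if (d > MAX_DEPTH) return "depth " + d + " exceeds " + MAX_DEPTH;
        Matcher m = AMOUNT.matcher(q);
        while (m.find())   // more than 9 digits is over any sane limit and would overflow int
            if (m.group(2).length() > 9 || Integer.parseInt(m.group(2)) > MAX_AMOUNT)
                return m.group(1) + ": " + m.group(2) + " exceeds " + MAX_AMOUNT;
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample queries: one acceptable, one too deep, one asking for too many items.
        String ok = "{ user(id: 1) { posts(first: 10) { title } } }";
        String deep = "{ a { b { c { d { e { f } } } } } }";
        String big = "{ posts(first: 100000) { title } }";
        for (String q : new String[] {ok, deep, big})
            System.out.println(reject(q) == null ? "allow" : "reject: " + reject(q));
    }
}
```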