Home

GraphQL Disable Introspection

Disables introspection queries on your API. This is useful in production to prevent attackers from learning about your API. You can still keep introspection enabled for any request not going through Zuplo.

Configuration#

{
  "name": "my-graphql-disable-introspection-inbound-policy",
  "policyType": "graphql-disable-introspection-inbound",
  "handler": {
    "export": "GraphQLDisableIntrospectionInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {}
  }
}

Options#

  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be graphql-disable-introspection-inbound.
  • handler/export The name of the exported type. Value should be GraphQLDisableIntrospectionInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:

    GraphQL Disable Introspection

    This policy allows you to disable introspection queries on your API. Any introspection query will be blocked with a 403 Forbidden response.

    Was this article helpful?

    YesNo
    Do you have any questions?Contact us
    Check out ourproduct changelog