Define GraphQL endpoints

For API Gateway only

📘

Note

This task applies to API Gateway specifically. Your own selections will vary depending on your product.

If you’re using Graph QL and manage bot traffic or account protection, you need to define your API following a specific structure, and include operation names as part of your definition and in your request body. The operation name in the POST body of a GraphQL request uniquely identifies GraphQL protected endpoints.

  1. Enter a single API endpoint and add an API Resource for it.

  2. Turn on POST method for the resource.

  3. Under that method, add a parameter to specify the operation name. Create a parameter named Body then define the JSON/XML body format with the name: operationName

  4. For each unique operation, create a separate API Resource purpose selecting:

    • POST as the method.
    • the parameter for body/operationName and enter its value.

  5. In Bot Manager, you create a Protected Resource for each one.

  6. Pass the operation name in the POST body.

    The JSON in the POST body needs to pass the operation name—even for a single operation request—based on the following request format:

{
  query: "...",
  operationName: "..."
  variables: {var1: "value1", ...}

      An example POST body:

operationName: "prefetchPipClient"
query: "query prefetchPipClient($storeID: String, $zipCode: String, ...),"
variables: {dataSource: "catalog", storeId: "4876677", ...}

Did this page help you?