Define GraphQL endpoints

For API Gateway only



This task applies to API Gateway product only. Your own selections will vary depending on your product.

If you’re using GraphQL and manage bot traffic or account protection, you need to define your API following a specific structure, and include operation names as part of your definition and in your request body. The operation name in the POST body of a GraphQL request uniquely identifies GraphQL protected endpoints.

  1. Enter a single API endpoint and add an API Resource for it.

  2. Turn on POST method for the resource.

  3. Under that method, add a parameter to specify the operation name. Create a parameter named Body then define the JSON/XML body format with the name: operationName

  4. For each unique operation, create a separate API Resource purpose selecting:

    • POST as the method.
    • the parameter for body/operationName and enter its value.

  5. In Bot Manager, you create a Protected Resource for each one.

  6. Pass the operation name in the POST body.

    The JSON in the POST body needs to pass the operation name‚ÄĒeven for a single operation request‚ÄĒbased on the following request format:

  query: "...",
  operationName: "..."
  variables: {var1: "value1", ...}

      An example POST body:

operationName: "prefetchPipClient"
query: "query prefetchPipClient($storeID: String, $zipCode: String, ...),"
variables: {dataSource: "catalog", storeId: "4876677", ...}