Define GraphQL endpoints

If you’re using GraphQL and manage bot traffic or account protection, you need to define your API following a specific structure, and include operation names as part of your definition and in your request body. The operation name in the POST body of a GraphQL request uniquely identifies GraphQL protected endpoints.

  1. Enter a single API endpoint and add an API Resource for it.

  2. Turn on POST method for the resource.

  3. Under that method, add a parameter to specify the operation name. Create a parameter named Body, then define the JSON/XML body format with the name operationName.

  4. For each unique operation, create a separate API operation (formerly called resource purpose) selecting:

    • POST as the method.
    • the parameter for body/operationName and enter its value.

  5. In Bot Manager, create a Protected Resource for each operation.

  1. Pass the operation name in the POST body.

    The JSON in the POST body needs to pass the operation name—even for a single operation request—based on the following request format:

{
  "query": "...",
  "operationName": "...",
  "variables": {"var1": "value1", ...}
}

      An example POST body:

{
  "operationName": "prefetchPipClient",
  "query": "query prefetchPipClient($storeID: String, $zipCode: String, ...),",
  "variables": {"dataSource": "catalog", "storeId": "4876677", ...}
}
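
Because each protected resource is keyed on the operationName field in the POST body, it helps to lint client request bodies before relying on the definition. The following is an added example, not part of the product documentation: the function name check_graphql_body, the PROTECTED set and the sample bodies are assumptions constructed for illustration, and the regular expression is a heuristic rather than a GraphQL parser.

```python
import json
import re

# Heuristic (assumption): finds named operations such as "query prefetchPipClient(".
# It does not parse GraphQL, so text inside strings or comments can also match.
_OP_DECL = re.compile(r"\b(?:query|mutation|subscription)\s+([_A-Za-z][_0-9A-Za-z]*)")

def check_graphql_body(raw_body, protected_operations):
    """Return a list of problems; an empty list means the body is usable."""
    try:
        body = json.loads(raw_body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(body, dict):
        return ["body is not a single JSON object"]
    name, query = body.get("operationName"), body.get("query")
    problems = []
    if not isinstance(name, str) or not name:
        problems.append("operationName missing or empty")
    if not isinstance(query, str) or not query:
        problems.append("query missing or empty")
    if problems:
        return problems
    # The body field must name an operation that the query document declares.
    if name not in _OP_DECL.findall(query):
        problems.append(f"operationName {name!r} is not declared in query")
    # Hypothetical inventory of operations that have a protected resource.
    if name not in protected_operations:
        problems.append(f"operationName {name!r} has no protected resource")
    return problems

# Constructed sample data; only the operation name is taken from the page.
PROTECTED = {"prefetchPipClient"}
GOOD = json.dumps({
    "operationName": "prefetchPipClient",
    "query": "query prefetchPipClient($storeId: String) { store(id: $storeId) { name } }",
    "variables": {"storeId": "4876677"},
})
ANONYMOUS = json.dumps({"query": "{ store { name } }"})
MISMATCH = json.dumps({
    "operationName": "prefetchPipClient",
    "query": "query searchCatalog { items { id } }",
})

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("anonymous", ANONYMOUS), ("mismatch", MISMATCH)):
        print(label, check_graphql_body(raw, PROTECTED) or "ok")
```
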