Define GraphQL endpoints
If you’re using GraphQL and manage bot traffic or account protection, you need to define your API following a specific structure, and include operation names as part of your definition and in your request body. The operation name in the POST body of a GraphQL request uniquely identifies GraphQL protected endpoints.
-
Enter a single API endpoint and add an API Resource for it.
-
Turn on POST method for the resource.
-
Under that method, add a parameter to specify the operation name. Create a parameter named
Body
then define the JSON/XML body format with the name:operationName
-
For each unique operation, create a separate API operation (formerly called resource purpose) selecting:
- POST as the method.
- the parameter for
body/operationName
and enter its value.
-
In Bot Manager, you create a Protected Resource for each one.
-
Pass the operation name in the POST body.
The JSON in the POST body needs to pass the operation name—even for a single operation request—based on the following request format:
{
query: "...",
operationName: "..."
variables: {var1: "value1", ...}
An example POST body:
operationName: "prefetchPipClient"
query: "query prefetchPipClient($storeID: String, $zipCode: String, ...),"
variables: {dataSource: "catalog", storeId: "4876677", ...}
Updated about 1 year ago