Gato GraphQL logo



Multiple mechanisms have been put in place to help protect your data:

πŸ‘‰πŸ½ Expose pre-defined data through persisted queries, and avoid granting public access to the single endpoint.

πŸ‘‰πŸ½ Create custom endpoints, accessible only to the intended target user or application

πŸ‘‰πŸ½ The single endpoint, and clients to interact with it, are disabled by default.

πŸ‘‰πŸ½ Which settings (from table wp_options) and meta values (from tables wp_postmeta, wp_usermeta, wp_commentmeta and wp_taxonomymeta) can be queried must be explicitly defined in the configuration.

πŸ‘‰πŸ½ Some fields and input fields are exposed as β€œsensitive” data elements", as to provide access to private data, but have it disabled by default: public data (eg: posts) is accessible by default, private data from the user (myPosts) is available to the logged-in user, and input status in field posts(filter:) (to retrieve non-published posts) is accessible only if explicitly enabled.