Multiple mechanisms provided by Gato GraphQL to help protect your data.
Create and expose multiple custom GraphQL schemas under their own URL, and grant access to each of these endpoints to some specific target.
Persisted queries are normal GraphQL queries, but they are stored on the server and accessed under their own URL, thus emulating a REST endpoint.
Gato GraphQL ships with predefined Persisted queries, which tackle several admin tasks that are common to many WordPress sites.
In addition to creating and exposing public endpoints, we can also create private endpoints, and protect a public endpoint with a password.
An internal GraphQL endpoint is accessible within the wp-admin only, to allow developers to fetch data for their Gutenberg blocks.
An API may expose several endpoints which are somehow related to each other, and which may execute a similar query. Through the API Hierarchy we can define a structure for endpoints.
When creating a Custom Endpoint or Persisted Query, we can add a 'GraphQL endpoint category' to it, to organize all of our endpoints.
Schema namespacing avoids conflicts in the schema by having all type names namespaced.
Nested mutations make the schema more logical and browsable by allowing mutations to be performed on any type, and not only on the root type.
The GraphQL schema must strike a balance between public and private data, so as to avoid exposing private information in a public API.
Global fields are fields that are accessible under every single type in the GraphQL schema (while being defined only once).
A composable directive can augment another directive to modify its behavior or fill a gap. This removes the need to duplicate fields or directives just to change their input or return types, avoiding bloat.
Have directives applied to multiple fields (instead of only one), for performance and extended use cases.
Mutation fields can be configured to return either a payload object type, or directly the mutated entity.
Version fields and directives independently from the schema.
Use the top-level entry 'extensions' to send data concerning deprecations and warnings in the response to the query.
The GraphQL endpoint, which can return any piece of data accessible through the schema, could potentially allow malicious actors to retrieve private information. Hence, we must implement security measures to protect the data.
Control the desired behavior when a user without access to some field or directive in the schema attempts to access it.
Because persisted queries can be accessed via GET, their response can be cached through standard HTTP caching.
Query batching enables the GraphQL server to execute multiple queries in a single request, but those queries are merely executed one after the other, independently from each other.
Deprecation is standard GraphQL behavior, but is normally executed via code. Through Gato GraphQL's Field deprecation user interface, we can already deprecate fields, without the need to deploy any code.
With Field to Input, we can obtain the value of a field, manipulate it, and input it into another field, all within the same query.
The GraphQL schema is provided with fields which expose functionalities commonly found in programming languages (such as PHP).
The GraphQL schema is provided with directives which expose functionalities commonly found in programming languages (such as PHP).
The GraphQL schema is provided with global fields to execute HTTP requests against a webserver and fetch their response.
Grant non-admin users access to the GraphiQL and Interactive schema clients in the admin, and to the different screens in Gato GraphQL.