Configuring the plugin
Configuring the pluginBrowsing, enabling and disabling modules

Browsing, enabling and disabling modules

All functionality in Gato GraphQL is provided through modules. Access them by clicking on "Modules" on the plugin's menu:


Every module can be either enabled or disabled. Their state is visible in the table:

  • Enabled modules have a colored background
  • Disabled modules have a white background

Enabling/disabling a module

When hovering the mouse over the name of a disabled module, a link "Enable" will be made visible. Clicking on it will enable the module:

Enabling a module

Likewise, hovering the mouse over the name of an enabled module, a link "Disable" will be made visible. Clicking on it will disable the module.

In batch

Alternatively, we can select the checkbox for every module, and select "Enable" or "Disable" from the "Bulk actions" dropdown:

Disabling modules in bulk

Disabling modules in public and private endpoints

Disabling modules allows us to either remove some functionality from the GraphQL server (eg: the single endpoint), or remove some element from the GraphQL schema (eg: a type, a field, or a directive).

"Schema modules" are those modules that add types/fields/directives to the GraphQL schema (to be found under categories "Schema Type" and "Schema Directive" in the Modules page). We can increase the security of the GraphQL API by disabling all the "Schema modules" that are not needed, as data that must not be consumed is never exposed in first place.

For instance, when disabling the "Users" module, the user fields (QueryRoot.users,, and others) will be removed from the GraphQL schema.

As such, disabling endpoints (as explained in the previous section) always takes effect in the public endpoints:

  • Single endpoint
  • Custom endpoints
  • Persisted queries

However, we may only want to limit access to the "Schema modules" to visitors (i.e. on public endpoints), but not to the admin of the site on private endpoints, as to not restrict the ability to access the full GraphQL schema for executing internal tasks.

The private endpoints are:

  • Endpoint wp-admin/edit.php?page=graphql_api&action=execute_query (which powers the admin's GraphiQL and Interactive Schema clients, and can be invoked in the WordPress editor to feed data to blocks)
  • Custom private endpoints (also used to feed data to blocks, but allowing you to lock its configuration via PHP hooks)
  • GraphQL queries executed internally (via class GraphQLServer in PHP)

To have the "Schema modules" also be disabled on the private endpoints, we must configure it on "Plugin Configuration > Private Endpoints" tab on the Settings page, by checking item "Disable "Schema modules" in the private endpoints?"

Disabling modules in bulk

Module dependencies

Every module can have a dependency on another module. In that case, if the depended-upon module is disabled, its dependants also get disabled.

This information is visible on column "Depends on" on the modules table:

Module dependencies

For instance, if module "Schema Configuration" is disabled, module "Schema Namespacing" will also be disabled.

Filtering modules

Modules are grouped by categories:

  • Plugin Management
  • Endpoint
  • Schema Configuration
  • Access Control
  • Versioning
  • User Interface
  • Performance
  • Operational
  • Client
  • Schema Type

Clicking on any category, will only display the corresponding modules.

Filtering modules

Viewing the module's documentation

We can read the documentation for a module by clicking on link "View details" below the module's description:

Viewing module documentation

Accessing the module's settings

When hovering on the module's name, a link "Settings" will become visible (unless the module has no settings).

Clicking on it will open the Settings page, focused on the module's tab:

Accessing a module's settings