⚡️ Pro Feature ⚡️ This feature is bundled with GraphQL-Pro.
After getting started, here are some things to keep in mind.
With persisted queries, you can stop accepting arbitrary GraphQL input. This way, malicious users can’t run large or inappropriate queries on your server.
In short, you can ignore arbitrary GraphQL by skipping the first argument of
```ruby
# app/controllers/graphql.rb
# Don't pass a query string; ignore `params[:query]`
MySchema.execute(
  context: context,
  variables: params[:variables],
  operation_name: params[:operationName],
)
```
However, take these points into consideration:
If those apply to you, you can apply some logic to
```ruby
# Allow arbitrary GraphQL:
# - from staff users
# - in development
query_string = if current_user.staff? || Rails.env.development?
  params[:query]
else
  nil
end

MySchema.execute(
  query_string, # maybe nil, that's OK.
  context: context,
  variables: params[:variables],
  operation_name: params[:operationName],
)
```
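An added example (not GraphQL-Pro's own code) that extends the controller logic above: it decides whether the raw query string is forwarded, rejects requests that carry no stored-operation id, and fingerprints any raw query it drops so ignored attempts can be correlated in logs. The `operationId` parameter name, the `Decision` struct and `gate_graphql_request` are assumptions made for illustration.

```ruby
require "digest"

# Hypothetical result type: what to pass to MySchema.execute, plus an audit field.
Decision = Struct.new(:action, :query_string, :dropped_fingerprint, keyword_init: true)

# params      - request params with string keys (constructed shape)
# staff       - value of current_user.staff?
# development - value of Rails.env.development?
def gate_graphql_request(params, staff:, development:)
  raw = params["query"].to_s.strip
  op_id = params["operationId"].to_s.strip # assumed parameter name

  # Trusted callers may still send arbitrary GraphQL, as on the page.
  if !raw.empty? && (staff || development)
    return Decision.new(action: :arbitrary, query_string: raw)
  end

  # Everyone else: never forward the raw string. Fingerprint it so repeated
  # attempts can be correlated in logs without storing the query text.
  fingerprint = raw.empty? ? nil : Digest::SHA256.hexdigest(raw)[0, 16]

  # Without a stored-operation id there is nothing to run: reject early
  # instead of calling execute with no query at all.
  action = op_id.empty? ? :reject : :persisted
  Decision.new(action: action, query_string: nil, dropped_fingerprint: fingerprint)
end

# Constructed sample requests: [params, staff?]
SAMPLE_REQUESTS = [
  [{ "operationId" => "my-client/abc123" }, false],
  [{ "query" => "{ viewer { id } }", "operationId" => "my-client/abc123" }, false],
  [{ "query" => "{ viewer { id } }" }, false],
  [{ "query" => "{ viewer { id } }" }, true],
].freeze

def run_samples
  SAMPLE_REQUESTS.map do |params, staff|
    gate_graphql_request(params, staff: staff, development: false)
  end
end

if __FILE__ == $PROGRAM_NAME
  run_samples.each { |decision| puts decision.to_h }
end
```

A non-nil `dropped_fingerprint` on a `:persisted` or `:reject` decision marks a client that sent raw GraphQL it was not allowed to run, which is worth logging alongside the user and client identifiers.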
Clients can only add to the database, but as an administrator, you can also archive or delete entries from the database. (Make sure you authorize access to the Dashboard.) This is a dangerous operation: by archiving or deleting something, any clients who depend on that data will crash.
Some reasons to archive or delete from the database are:
If this is true, you can use “Archive” or “Delete” buttons to remove things from production.
When an operation is archived, it’s no longer available to clients, but it’s still in the database. It can be unarchived later, so this is lower-risk than full deletion.
It’s on the road map to add a Ruby API to OperationStore so that you can integrate it with your application. For example, you might:
If this interests you, please open an issue or email