<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="true"/><link href="/geist/stylesheet.css" rel="stylesheet"/><link href="/geist-mono/stylesheet.css" rel="stylesheet"/><link rel="canonical" href="https://inigo.io/blog/how_threat_actors_fingerprint_your_graphql_apis"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="manifest" href="/site.webmanifest"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#042866"/><meta name="msapplication-TileColor" content="#da532c"/><meta name="theme-color" content="#ffffff"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"/><link rel="shortlink" href="https://inigo.io/"/><title>How threat actors fingerprint your GraphQL APIs<!-- --> | Inigo<!-- --></title><meta property="description" content="How threat actors fingerprint your GraphQL APIs"/><meta property="og:locale" content="en_US"/><meta property="og:type" content="website"/><meta property="og:title" content="How threat actors fingerprint your GraphQL APIs"/><meta property="og:description" content="How threat actors fingerprint your GraphQL APIs"/><meta name="keywords" content="GraphQL tracing, GraphQL errors, GraphQL schema, GraphQL playground, GraphQL observability, GraphQL analytics, GraphQL security, GraphQL apollo alternative, GraphQL rate limiting"/><meta property="og:site_name" content="Inigo"/><meta property="og:image" content="/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp"/><meta name="article-published_time" property="article:published_time" content="2022-09-06T00:00:00.000Z"/><meta name="article-modified_time" property="article:modified_time" content="2023-09-11T15:25:28.846Z"/><meta name="publish_date" property="og:publish_date" content="2022-09-06T00:00:00.000Z"/><meta name="author" property="og:author" content="Shahar Binyamin &amp; Inigo team"/><meta property="og:image:width"/><meta property="og:image:height"/><meta property="og:image:type" content="image/png"/><meta property="og:url" content="https://inigo.io/blog/how_threat_actors_fingerprint_your_graphql_apis"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="How threat actors fingerprint your GraphQL APIs"/><meta name="twitter:description" content="How threat actors fingerprint your GraphQL APIs"/><meta name="twitter:image" content="/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp"/><meta name="twitter:image:src" content="/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp"/><meta name="next-head-count" content="39"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin /><link rel="preload" href="/_next/static/css/8b1585d70dcaca9d.css" as="style"/><link rel="stylesheet" href="/_next/static/css/8b1585d70dcaca9d.css" data-n-g=""/><link rel="preload" href="/_next/static/css/e7be7b782f942680.css" as="style"/><link rel="stylesheet" href="/_next/static/css/e7be7b782f942680.css" data-n-p=""/><link rel="preload" href="/_next/static/css/c798ade0a54cee43.css" as="style"/><link rel="stylesheet" href="/_next/static/css/c798ade0a54cee43.css" data-n-p=""/><link rel="preload" href="/_next/static/css/74df91f10f659d7c.css" as="style"/><link rel="stylesheet" href="/_next/static/css/74df91f10f659d7c.css"/><link rel="preload" href="/_next/static/css/768bc07f6c9a9f29.css" as="style"/><link rel="stylesheet" href="/_next/static/css/768bc07f6c9a9f29.css"/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-5cd94c89d3acac5f.js"></script><script defer="" src="/_next/static/chunks/767-b19ff43fb6ca6cf9.js"></script><script defer="" src="/_next/static/chunks/352.2a7f5aa79cbcfcca.js"></script><script defer="" src="/_next/static/chunks/333.6df932fa345befef.js"></script><script src="/_next/static/chunks/webpack-786cb7ad8aa62992.js" defer=""></script><script src="/_next/static/chunks/framework-087e577bf6ac2de7.js" defer=""></script><script src="/_next/static/chunks/main-7d97e9e1bd3f6e9a.js" defer=""></script><script src="/_next/static/chunks/pages/_app-82101de9b8dc67c2.js" defer=""></script><script src="/_next/static/chunks/75fc9c18-6b37f4b68d337d33.js" defer=""></script><script src="/_next/static/chunks/248-f183e13e5e893106.js" defer=""></script><script src="/_next/static/chunks/61-cf831fc6a2d2684d.js" defer=""></script><script src="/_next/static/chunks/840-9397f05eae77152b.js" defer=""></script><script src="/_next/static/chunks/pages/blog/%5Bpid%5D-05725f727f57cdb9.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_buildManifest.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_ssgManifest.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_middlewareManifest.js" defer=""></script><style data-href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap">@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrFJM.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJnecnFHGPezSQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style><style data-href="https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@400;500&display=swap">@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPQA.woff) format('woff')}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_7PqPQA.woff) format('woff')}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSV0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSx0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSt0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSd0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSZ0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0me8iUI0.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSV0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSx0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSt0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSd0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSZ0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0me8iUI0.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style><style data-href="https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@600;700&display=swap">@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkw.woff) format('woff')}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkw.woff) format('woff')}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmhdu3cOWxy40.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwkxdu3cOWxy40.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmxdu3cOWxy40.woff2) format('woff2');unicode-range:U+1F00-1FFF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdu3cOWxy40.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhdu3cOWxy40.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmxdu3cOWxy40.woff2) format('woff2');unicode-range:U+1F00-1FFF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdu3cOWxy40.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style></head><body><div id="__next"><div id="header" class="Header_header__za8ic light"><div class="container Header_headerContainer__DDpCs"><a class="Header_logo__Nk2PP" style="display:flex;align-items:center;mask:url(/img/logo.svg) no-repeat center / contain;-webkit-mask:url(/img/logo.svg) no-repeat center / contain" href="/"><img width="102" height="32" alt="Inigo Logo" style="cursor:pointer;opacity:0" src="/img/logo.svg"/></a><div class="Header_navigation__LMP4c"><div class="Header_popoverMenu__BdAVY"><div class="Header_popoverMenuChildren__ASZvh"></div></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Product<!-- --><svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Solutions<!-- --><svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><a href="/pricing"><h3 class="Header_link__7jyD0">Pricing</h3></a></div><div class="Header_item__sNSbg"><a target="_blank" href="https://docs.inigo.io"><h3 class="Header_link__7jyD0">Docs</h3></a></div><div class="Header_item__sNSbg"><a href="/blog"><h3 class="Header_link__7jyD0 Header_active__ArEjA">Blog</h3></a></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Learn<!-- --><svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div></div><div class="Header_actions__HXH_c" style="display:flex;margin-left:auto"><a href="https://landing.inigo.io/demo" target="_blank"><div class="Button_button__vjyUx" data-type="primary" data-size="default">Get a demo<!-- --></div></a><div style="margin-left:24px"><a href="https://app.inigo.io/" target="_blank"><div class="Button_button__vjyUx" data-type="secondary" data-size="default">Get started for free<!-- --></div></a></div></div></div></div><div class="Notifications_wrapper__MdtP8"><div class="Notifications_container__s6gON"></div></div><div style="flex:1"><div class="Blog_modal__ZNL0I"><svg xmlns="http://www.w3.org/2000/svg" height="32" width="32" viewBox="0 0 48 48" class="Blog_close__ekCso"><path d="M24 26.1 13.5 36.6q-.45.45-1.05.45-.6 0-1.05-.45-.45-.45-.45-1.05 0-.6.45-1.05L21.9 24 11.4 13.5q-.45-.45-.45-1.05 0-.6.45-1.05.45-.45 1.05-.45.6 0 1.05.45L24 21.9l10.5-10.5q.45-.45 1.05-.45.6 0 1.05.45.45.45.45 1.05 0 .6-.45 1.05L26.1 24l10.5 10.5q.45.45.45 1.05 0 .6-.45 1.05-.45.45-1.05.45-.6 0-1.05-.45Z"></path></svg></div><div class="Blog_navigationWrapper__o0wgQ"><div class="Blog_section__rJEq5 Blog_navigation__kNg6J"><div class="Blog_container___FXXS container"><div class="Blog_list__bfBXa"><a class="Blog_item__be49i level-2" href="/blog/how_threat_actors_fingerprint_your_graphql_apis#List%20of%20GraphQL%20server%20implementations%20available%20as%20of%20this%20writing">List of GraphQL server implementations available as of this writing</a></div></div></div></div><div class="Blog_topWrapper__8hUbB"><div class="Blog_section__rJEq5"><div class="Blog_container___FXXS container"><div class="Blog_topContent__jXk7t"><div class="Blog_topButton__GoV4B"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M1.43751 15.5508L10.9438 6.42022C11.5271 5.85993 12.4729 5.85993 13.0562 6.42022L22.5625 15.5508C23.1458 16.1111 23.1458 17.0195 22.5625 17.5798C21.9791 18.1401 21.0333 18.1401 20.45 17.5798L12 9.46374L3.55001 17.5798C2.96666 18.1401 2.02086 18.1401 1.43751 17.5798C0.854162 17.0195 0.854162 16.1111 1.43751 15.5508Z" fill="#171717"></path></svg></div></div></div></div></div><div class="Blog_extraWrapper__YE8NJ"><div class="Blog_section__rJEq5"><div class="Blog_container___FXXS container"><div class="Blog_extraContent__KYByz dark"><div class="Blog_share__nJLzS"><span class="Blog_label__zPfxe">Share on</span><div class="Blog_divider__ULY6W">路</div><div class="Blog_social__X8XU_"><a href="https://www.linkedin.com/shareArticle?url=&amp;title=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 2.00289C1 1.4493 1.46341 1 2.03474 1H13.9653C14.5368 1 15 1.4493 15 2.00289V13.9973C15 14.5511 14.5368 15 13.9653 15H2.03474C1.46341 15 1 14.5511 1 13.9975V2.0027V2.00289Z" fill="currentColor"></path><path d="M5.27011 13V6.25259H3.12644V13H5.27011Z" fill="white"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M8.60026 7.23109V7.20798L8.58603 7.23109H8.60026Z" fill="white"></path><path d="M6.45659 13H8.60007V9.23239C8.60007 9.03092 8.61412 8.82907 8.67069 8.68523C8.82561 8.28211 9.17833 7.86488 9.77063 7.86488C10.5461 7.86488 10.8565 8.48357 10.8565 9.39073V13H13V9.13126C13 7.05883 11.9426 6.09444 10.5323 6.09444C9.39514 6.09444 8.88517 6.74829 8.60026 7.20798V7.23109H8.58603L8.60026 7.20798V6.25279H6.45678C6.48469 6.88579 6.45659 13 6.45659 13Z" fill="white"></path><path d="M4.19865 5.33151C4.94605 5.33151 5.41135 4.81335 5.41135 4.16585C5.3973 3.50365 4.94605 3 4.21289 3C3.47916 3 3 3.50365 3 4.16585C3 4.81335 3.46511 5.33151 4.1846 5.33151H4.19865Z" fill="white"></path></svg></a><a href="https://twitter.com/intent/tweet?text=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs&amp;url=" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M2.00038 2H5.56834C5.56778 2.00098 5.56859 2.00175 5.57077 2.0023C5.57256 2.00279 5.57395 2.00375 5.57496 2.00517L8.66365 6.40079C8.66454 6.40206 8.66572 6.40311 8.66709 6.40386C8.66846 6.40462 8.66999 6.40505 8.67156 6.40514C8.67312 6.40523 8.67469 6.40496 8.67614 6.40437C8.67759 6.40377 8.67888 6.40285 8.67991 6.4017L12.5465 2.00673C12.5477 2.00533 12.5493 2.00425 12.5511 2.00361C12.5534 2.00284 12.5554 2.00164 12.557 2H13.6114L9.14577 7.07601C9.14457 7.07741 9.14386 7.07914 9.14375 7.08095C9.14365 7.08276 9.14415 7.08454 9.14518 7.08602L13.9992 13.9935C14.0005 13.9953 14.0002 13.9969 13.9984 13.9982L13.9959 14H13.9206H10.4682H10.4347C10.4334 13.9988 10.4316 13.9978 10.4293 13.997C10.4266 13.996 10.4244 13.9944 10.4227 13.992L7.15716 9.34485C7.15676 9.34429 7.15624 9.34382 7.15563 9.34349C7.15502 9.34316 7.15434 9.34297 7.15364 9.34294C7.15294 9.3429 7.15224 9.34303 7.1516 9.34331C7.15096 9.34358 7.1504 9.344 7.14995 9.34453L3.05711 13.9966C3.0561 13.9977 3.05484 13.9983 3.05333 13.9983L2.01849 14H2.00155C1.99993 13.9965 2.00169 13.9919 2.00683 13.9861C3.56483 12.2156 5.12227 10.4456 6.67915 8.6762C6.68042 8.67474 6.68117 8.67291 6.68128 8.67098C6.68138 8.66906 6.68084 8.66714 6.67973 8.66554C5.12649 6.45523 3.57302 4.24451 2.01933 2.03338C2.01882 2.03267 2.01474 2.0277 2.00709 2.01846C2.00127 2.01146 1.99904 2.0053 2.00038 2ZM10.9423 13.2542C11.4761 13.2562 12.0091 13.2565 12.5413 13.2549C12.5424 13.2549 12.5435 13.2546 12.5444 13.254C12.5454 13.2534 12.5462 13.2526 12.5467 13.2516C12.5472 13.2506 12.5474 13.2495 12.5474 13.2484C12.5473 13.2474 12.5469 13.2463 12.5463 13.2454L5.06886 2.78685C5.06717 2.78449 5.06493 2.78257 5.06232 2.78124C5.0597 2.77992 5.0568 2.77922 5.05385 2.77922H3.4444C3.44365 2.77922 3.44291 2.77943 3.44227 2.77981C3.44164 2.78019 3.44111 2.78074 3.44077 2.78139C3.44042 2.78204 3.44027 2.78277 3.44032 2.7835C3.44036 2.78423 3.44062 2.78494 3.44104 2.78554C5.93025 6.26715 8.41957 9.74898 10.909 13.231C10.9202 13.2468 10.92 13.2541 10.9423 13.2542Z" fill="currentColor"></path></svg></a><a href="https://www.facebook.com/sharer/sharer.php?u=&amp;t=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M5.84379 15H8.92189V9.09789H11.6953L12 6.16526H8.92189V4.68421C8.92189 4.48879 9.00297 4.30137 9.14728 4.16318C9.2916 4.025 9.48733 3.94737 9.69142 3.94737H12V1H9.69142C8.67096 1 7.6923 1.38816 6.97073 2.07908C6.24916 2.77 5.84379 3.7071 5.84379 4.68421V6.16526H4.30473L4 9.09789H5.84379V15Z" fill="currentColor"></path></svg></a><a href="https://reddit.com/submit?url=&amp;title=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.1667 8.69333C7.1667 8.31333 6.85336 8 6.47336 8C6.09336 8 5.78003 8.31333 5.78003 8.69333C5.78003 8.87722 5.85308 9.05357 5.9831 9.18359C6.11313 9.31362 6.28948 9.38667 6.47336 9.38667C6.65725 9.38667 6.8336 9.31362 6.96362 9.18359C7.09365 9.05357 7.1667 8.87722 7.1667 8.69333ZM9.39336 10.2733C9.09336 10.5733 8.45336 10.68 8.00003 10.68C7.5467 10.68 6.9067 10.5733 6.6067 10.2733C6.59048 10.256 6.57087 10.2421 6.54908 10.2327C6.52729 10.2232 6.50379 10.2183 6.48003 10.2183C6.45627 10.2183 6.43277 10.2232 6.41098 10.2327C6.38919 10.2421 6.36958 10.256 6.35336 10.2733C6.336 10.2895 6.32216 10.3092 6.3127 10.331C6.30323 10.3527 6.29835 10.3762 6.29835 10.4C6.29835 10.4238 6.30323 10.4473 6.3127 10.469C6.32216 10.4908 6.336 10.5105 6.35336 10.5267C6.8267 11 7.73336 11.04 8.00003 11.04C8.2667 11.04 9.17336 11 9.6467 10.5267C9.66406 10.5105 9.6779 10.4908 9.68736 10.469C9.69682 10.4473 9.70171 10.4238 9.70171 10.4C9.70171 10.3762 9.69682 10.3527 9.68736 10.331C9.6779 10.3092 9.66406 10.2895 9.6467 10.2733C9.58003 10.2067 9.4667 10.2067 9.39336 10.2733ZM9.5267 8C9.1467 8 8.83336 8.31333 8.83336 8.69333C8.83336 9.07333 9.1467 9.38667 9.5267 9.38667C9.9067 9.38667 10.22 9.07333 10.22 8.69333C10.22 8.31333 9.91336 8 9.5267 8Z" fill="currentColor"></path><path d="M8.00004 1.33398C4.32004 1.33398 1.33337 4.32065 1.33337 8.00065C1.33337 11.6807 4.32004 14.6673 8.00004 14.6673C11.68 14.6673 14.6667 11.6807 14.6667 8.00065C14.6667 4.32065 11.68 1.33398 8.00004 1.33398ZM11.8667 8.88732C11.88 8.98065 11.8867 9.08065 11.8867 9.18065C11.8867 10.674 10.1467 11.8873 8.00004 11.8873C5.85337 11.8873 4.11337 10.674 4.11337 9.18065C4.11337 9.08065 4.12004 8.98065 4.13337 8.88732C3.79337 8.73398 3.56004 8.39398 3.56004 8.00065C3.55905 7.80948 3.61458 7.62228 3.71964 7.46256C3.8247 7.30285 3.97461 7.17774 4.15054 7.10295C4.32648 7.02816 4.52059 7.00702 4.7085 7.0422C4.89641 7.07737 5.06974 7.16729 5.20671 7.30065C5.88004 6.81398 6.81337 6.50732 7.84671 6.47398L8.34004 4.14732C8.34671 4.10065 8.37337 4.06065 8.41337 4.04065C8.45337 4.01398 8.50004 4.00732 8.54671 4.01398L10.16 4.36065C10.2148 4.2497 10.2982 4.15542 10.4016 4.08757C10.505 4.01972 10.6248 3.98079 10.7483 3.9748C10.8719 3.96881 10.9948 3.99599 11.1043 4.05352C11.2138 4.11105 11.3059 4.19684 11.3711 4.30198C11.4363 4.40711 11.4722 4.52778 11.475 4.65145C11.4778 4.77512 11.4475 4.8973 11.3872 5.00531C11.3269 5.11333 11.2388 5.20324 11.1321 5.26572C11.0253 5.3282 10.9037 5.36098 10.78 5.36065C10.4067 5.36065 10.1067 5.06732 10.0867 4.70065L8.64004 4.39398L8.20004 6.47398C9.22004 6.50732 10.1334 6.82065 10.8 7.30065C10.9022 7.20306 11.0245 7.12898 11.1583 7.08358C11.2922 7.03819 11.4343 7.02259 11.5748 7.03786C11.7153 7.05313 11.8507 7.09892 11.9716 7.17201C12.0926 7.2451 12.1961 7.34373 12.2749 7.461C12.3538 7.57827 12.406 7.71136 12.4281 7.85094C12.4501 7.99052 12.4414 8.13323 12.4025 8.26909C12.3636 8.40494 12.2955 8.53066 12.203 8.63745C12.1104 8.74424 11.9957 8.82952 11.8667 8.88732Z" fill="currentColor"></path></svg></a></div></div><div class="Blog_nav__jXHlK"><a class="Blog_prev__DRmHc" href="/blog/how_threat_actors_detect_your_graphql_apis"><div class="Blog_label__zPfxe">Previous</div><div class="Blog_title__fzP73"><svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M7.77538 11.2812L3.21011 6.52812C2.92996 6.23645 2.92996 5.76355 3.21011 5.47188L7.77538 0.718757C8.05553 0.427081 8.50974 0.427081 8.78989 0.718757C9.07004 1.01043 9.07004 1.48333 8.78989 1.77501L4.73187 6L8.78989 10.225C9.07004 10.5167 9.07004 10.9896 8.78989 11.2812C8.50974 11.5729 8.05553 11.5729 7.77538 11.2812Z" fill="currentColor"></path></svg><span>How threat actors detect your GraphQL APIs</span></div></a><a class="Blog_next__FWEgT" href="/blog/what_makes_defending_graphql_apis_is_challenging_to_security_engineers"><div class="Blog_label__zPfxe">Next</div><div class="Blog_title__fzP73"><svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M4.22462 0.718756L8.78989 5.47188C9.07004 5.76355 9.07004 6.23645 8.78989 6.52812L4.22462 11.2812C3.94447 11.5729 3.49026 11.5729 3.21011 11.2812C2.92996 10.9896 2.92996 10.5167 3.21011 10.225L7.26813 6L3.21011 1.77501C2.92996 1.48333 2.92996 1.01043 3.21011 0.718756C3.49026 0.427081 3.94447 0.427081 4.22462 0.718756Z" fill="currentColor"></path></svg><span>What makes defending GraphQL APIs challenging to security engineers</span></div></a></div><div class="Blog_posts__PbJWQ"><div class="Blog_badge__0Wwkr">Latest posts</div><div class="Posts_posts__TsKSt Posts_list__sWF1k"><div class="Posts_blur__wN2Tw"><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div></div><a class="Posts_post__DbZ9o" href="/blog/dry-graphql-type-similarity-linting"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/DRY_in_GraphQL-_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 11, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Nikolai Kaploniuk</div></div><h3>DRY in GraphQL: How the Type Similarity Linting Rule Keeps Your Schema Clean</h3><div class="Posts_footer__z7JYC"><a href="/blog/dry-graphql-type-similarity-linting"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-vercel-support"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog__-_Manage_GraphQL_with_Vercel.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 05, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Adam Benhassen &amp; Michael Skorokhodov</div></div><h3>Why We Added Vercel Support and What It Means for Developers</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-vercel-support"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-schema-checks-with-github-actions"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 19, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Nikolai Kaploniuk</div></div><h3>GraphQL Schema Checks with GitHub Actions</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-schema-checks-with-github-actions"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a></div></div></div></div></div></div><section class="Blog_section__rJEq5 Blog_full__l3zDW" data-section="article"><div class="container Blog_container___FXXS"><div class="Blog_breadcrumb__7mXC1"><a class="Blog_link__cvuxH" href="/blog"><svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M4.22462 0.718756L8.78989 5.47188C9.07004 5.76355 9.07004 6.23645 8.78989 6.52812L4.22462 11.2812C3.94447 11.5729 3.49026 11.5729 3.21011 11.2812C2.92996 10.9896 2.92996 10.5167 3.21011 10.225L7.26813 6L3.21011 1.77501C2.92996 1.48333 2.92996 1.01043 3.21011 0.718756C3.49026 0.427081 3.94447 0.427081 4.22462 0.718756Z" fill="currentColor"></path></svg><div>Blog</div></a></div><div class="Blog_share__nJLzS"><span class="Blog_label__zPfxe">Share on</span><div class="Blog_divider__ULY6W">路</div><div class="Blog_social__X8XU_"><a href="https://www.linkedin.com/shareArticle?url=&amp;title=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 2.00289C1 1.4493 1.46341 1 2.03474 1H13.9653C14.5368 1 15 1.4493 15 2.00289V13.9973C15 14.5511 14.5368 15 13.9653 15H2.03474C1.46341 15 1 14.5511 1 13.9975V2.0027V2.00289Z" fill="currentColor"></path><path d="M5.27011 13V6.25259H3.12644V13H5.27011Z" fill="white"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M8.60026 7.23109V7.20798L8.58603 7.23109H8.60026Z" fill="white"></path><path d="M6.45659 13H8.60007V9.23239C8.60007 9.03092 8.61412 8.82907 8.67069 8.68523C8.82561 8.28211 9.17833 7.86488 9.77063 7.86488C10.5461 7.86488 10.8565 8.48357 10.8565 9.39073V13H13V9.13126C13 7.05883 11.9426 6.09444 10.5323 6.09444C9.39514 6.09444 8.88517 6.74829 8.60026 7.20798V7.23109H8.58603L8.60026 7.20798V6.25279H6.45678C6.48469 6.88579 6.45659 13 6.45659 13Z" fill="white"></path><path d="M4.19865 5.33151C4.94605 5.33151 5.41135 4.81335 5.41135 4.16585C5.3973 3.50365 4.94605 3 4.21289 3C3.47916 3 3 3.50365 3 4.16585C3 4.81335 3.46511 5.33151 4.1846 5.33151H4.19865Z" fill="white"></path></svg></a><a href="https://twitter.com/intent/tweet?text=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs&amp;url=" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M2.00038 2H5.56834C5.56778 2.00098 5.56859 2.00175 5.57077 2.0023C5.57256 2.00279 5.57395 2.00375 5.57496 2.00517L8.66365 6.40079C8.66454 6.40206 8.66572 6.40311 8.66709 6.40386C8.66846 6.40462 8.66999 6.40505 8.67156 6.40514C8.67312 6.40523 8.67469 6.40496 8.67614 6.40437C8.67759 6.40377 8.67888 6.40285 8.67991 6.4017L12.5465 2.00673C12.5477 2.00533 12.5493 2.00425 12.5511 2.00361C12.5534 2.00284 12.5554 2.00164 12.557 2H13.6114L9.14577 7.07601C9.14457 7.07741 9.14386 7.07914 9.14375 7.08095C9.14365 7.08276 9.14415 7.08454 9.14518 7.08602L13.9992 13.9935C14.0005 13.9953 14.0002 13.9969 13.9984 13.9982L13.9959 14H13.9206H10.4682H10.4347C10.4334 13.9988 10.4316 13.9978 10.4293 13.997C10.4266 13.996 10.4244 13.9944 10.4227 13.992L7.15716 9.34485C7.15676 9.34429 7.15624 9.34382 7.15563 9.34349C7.15502 9.34316 7.15434 9.34297 7.15364 9.34294C7.15294 9.3429 7.15224 9.34303 7.1516 9.34331C7.15096 9.34358 7.1504 9.344 7.14995 9.34453L3.05711 13.9966C3.0561 13.9977 3.05484 13.9983 3.05333 13.9983L2.01849 14H2.00155C1.99993 13.9965 2.00169 13.9919 2.00683 13.9861C3.56483 12.2156 5.12227 10.4456 6.67915 8.6762C6.68042 8.67474 6.68117 8.67291 6.68128 8.67098C6.68138 8.66906 6.68084 8.66714 6.67973 8.66554C5.12649 6.45523 3.57302 4.24451 2.01933 2.03338C2.01882 2.03267 2.01474 2.0277 2.00709 2.01846C2.00127 2.01146 1.99904 2.0053 2.00038 2ZM10.9423 13.2542C11.4761 13.2562 12.0091 13.2565 12.5413 13.2549C12.5424 13.2549 12.5435 13.2546 12.5444 13.254C12.5454 13.2534 12.5462 13.2526 12.5467 13.2516C12.5472 13.2506 12.5474 13.2495 12.5474 13.2484C12.5473 13.2474 12.5469 13.2463 12.5463 13.2454L5.06886 2.78685C5.06717 2.78449 5.06493 2.78257 5.06232 2.78124C5.0597 2.77992 5.0568 2.77922 5.05385 2.77922H3.4444C3.44365 2.77922 3.44291 2.77943 3.44227 2.77981C3.44164 2.78019 3.44111 2.78074 3.44077 2.78139C3.44042 2.78204 3.44027 2.78277 3.44032 2.7835C3.44036 2.78423 3.44062 2.78494 3.44104 2.78554C5.93025 6.26715 8.41957 9.74898 10.909 13.231C10.9202 13.2468 10.92 13.2541 10.9423 13.2542Z" fill="currentColor"></path></svg></a><a href="https://www.facebook.com/sharer/sharer.php?u=&amp;t=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M5.84379 15H8.92189V9.09789H11.6953L12 6.16526H8.92189V4.68421C8.92189 4.48879 9.00297 4.30137 9.14728 4.16318C9.2916 4.025 9.48733 3.94737 9.69142 3.94737H12V1H9.69142C8.67096 1 7.6923 1.38816 6.97073 2.07908C6.24916 2.77 5.84379 3.7071 5.84379 4.68421V6.16526H4.30473L4 9.09789H5.84379V15Z" fill="currentColor"></path></svg></a><a href="https://reddit.com/submit?url=&amp;title=How%20threat%20actors%20fingerprint%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.1667 8.69333C7.1667 8.31333 6.85336 8 6.47336 8C6.09336 8 5.78003 8.31333 5.78003 8.69333C5.78003 8.87722 5.85308 9.05357 5.9831 9.18359C6.11313 9.31362 6.28948 9.38667 6.47336 9.38667C6.65725 9.38667 6.8336 9.31362 6.96362 9.18359C7.09365 9.05357 7.1667 8.87722 7.1667 8.69333ZM9.39336 10.2733C9.09336 10.5733 8.45336 10.68 8.00003 10.68C7.5467 10.68 6.9067 10.5733 6.6067 10.2733C6.59048 10.256 6.57087 10.2421 6.54908 10.2327C6.52729 10.2232 6.50379 10.2183 6.48003 10.2183C6.45627 10.2183 6.43277 10.2232 6.41098 10.2327C6.38919 10.2421 6.36958 10.256 6.35336 10.2733C6.336 10.2895 6.32216 10.3092 6.3127 10.331C6.30323 10.3527 6.29835 10.3762 6.29835 10.4C6.29835 10.4238 6.30323 10.4473 6.3127 10.469C6.32216 10.4908 6.336 10.5105 6.35336 10.5267C6.8267 11 7.73336 11.04 8.00003 11.04C8.2667 11.04 9.17336 11 9.6467 10.5267C9.66406 10.5105 9.6779 10.4908 9.68736 10.469C9.69682 10.4473 9.70171 10.4238 9.70171 10.4C9.70171 10.3762 9.69682 10.3527 9.68736 10.331C9.6779 10.3092 9.66406 10.2895 9.6467 10.2733C9.58003 10.2067 9.4667 10.2067 9.39336 10.2733ZM9.5267 8C9.1467 8 8.83336 8.31333 8.83336 8.69333C8.83336 9.07333 9.1467 9.38667 9.5267 9.38667C9.9067 9.38667 10.22 9.07333 10.22 8.69333C10.22 8.31333 9.91336 8 9.5267 8Z" fill="currentColor"></path><path d="M8.00004 1.33398C4.32004 1.33398 1.33337 4.32065 1.33337 8.00065C1.33337 11.6807 4.32004 14.6673 8.00004 14.6673C11.68 14.6673 14.6667 11.6807 14.6667 8.00065C14.6667 4.32065 11.68 1.33398 8.00004 1.33398ZM11.8667 8.88732C11.88 8.98065 11.8867 9.08065 11.8867 9.18065C11.8867 10.674 10.1467 11.8873 8.00004 11.8873C5.85337 11.8873 4.11337 10.674 4.11337 9.18065C4.11337 9.08065 4.12004 8.98065 4.13337 8.88732C3.79337 8.73398 3.56004 8.39398 3.56004 8.00065C3.55905 7.80948 3.61458 7.62228 3.71964 7.46256C3.8247 7.30285 3.97461 7.17774 4.15054 7.10295C4.32648 7.02816 4.52059 7.00702 4.7085 7.0422C4.89641 7.07737 5.06974 7.16729 5.20671 7.30065C5.88004 6.81398 6.81337 6.50732 7.84671 6.47398L8.34004 4.14732C8.34671 4.10065 8.37337 4.06065 8.41337 4.04065C8.45337 4.01398 8.50004 4.00732 8.54671 4.01398L10.16 4.36065C10.2148 4.2497 10.2982 4.15542 10.4016 4.08757C10.505 4.01972 10.6248 3.98079 10.7483 3.9748C10.8719 3.96881 10.9948 3.99599 11.1043 4.05352C11.2138 4.11105 11.3059 4.19684 11.3711 4.30198C11.4363 4.40711 11.4722 4.52778 11.475 4.65145C11.4778 4.77512 11.4475 4.8973 11.3872 5.00531C11.3269 5.11333 11.2388 5.20324 11.1321 5.26572C11.0253 5.3282 10.9037 5.36098 10.78 5.36065C10.4067 5.36065 10.1067 5.06732 10.0867 4.70065L8.64004 4.39398L8.20004 6.47398C9.22004 6.50732 10.1334 6.82065 10.8 7.30065C10.9022 7.20306 11.0245 7.12898 11.1583 7.08358C11.2922 7.03819 11.4343 7.02259 11.5748 7.03786C11.7153 7.05313 11.8507 7.09892 11.9716 7.17201C12.0926 7.2451 12.1961 7.34373 12.2749 7.461C12.3538 7.57827 12.406 7.71136 12.4281 7.85094C12.4501 7.99052 12.4414 8.13323 12.4025 8.26909C12.3636 8.40494 12.2955 8.53066 12.203 8.63745C12.1104 8.74424 11.9957 8.82952 11.8667 8.88732Z" fill="currentColor"></path></svg></a></div></div><div class="Blog_post__nxiI8"><div class="Blog_content__hr05U"><h1 class="Blog_title__fzP73">How threat actors fingerprint your GraphQL APIs</h1><div class="Blog_info__mxOuz"><span>Shahar Binyamin &amp; Inigo team</span><a class="Blog_twitter__4xLXu" href="https://twitter.com/ShacharBinyamin" target="_blank"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M2.00038 2H5.56834C5.56778 2.00098 5.56859 2.00175 5.57077 2.0023C5.57256 2.00279 5.57395 2.00375 5.57496 2.00517L8.66365 6.40079C8.66454 6.40206 8.66572 6.40311 8.66709 6.40386C8.66846 6.40462 8.66999 6.40505 8.67156 6.40514C8.67312 6.40523 8.67469 6.40496 8.67614 6.40437C8.67759 6.40377 8.67888 6.40285 8.67991 6.4017L12.5465 2.00673C12.5477 2.00533 12.5493 2.00425 12.5511 2.00361C12.5534 2.00284 12.5554 2.00164 12.557 2H13.6114L9.14577 7.07601C9.14457 7.07741 9.14386 7.07914 9.14375 7.08095C9.14365 7.08276 9.14415 7.08454 9.14518 7.08602L13.9992 13.9935C14.0005 13.9953 14.0002 13.9969 13.9984 13.9982L13.9959 14H13.9206H10.4682H10.4347C10.4334 13.9988 10.4316 13.9978 10.4293 13.997C10.4266 13.996 10.4244 13.9944 10.4227 13.992L7.15716 9.34485C7.15676 9.34429 7.15624 9.34382 7.15563 9.34349C7.15502 9.34316 7.15434 9.34297 7.15364 9.34294C7.15294 9.3429 7.15224 9.34303 7.1516 9.34331C7.15096 9.34358 7.1504 9.344 7.14995 9.34453L3.05711 13.9966C3.0561 13.9977 3.05484 13.9983 3.05333 13.9983L2.01849 14H2.00155C1.99993 13.9965 2.00169 13.9919 2.00683 13.9861C3.56483 12.2156 5.12227 10.4456 6.67915 8.6762C6.68042 8.67474 6.68117 8.67291 6.68128 8.67098C6.68138 8.66906 6.68084 8.66714 6.67973 8.66554C5.12649 6.45523 3.57302 4.24451 2.01933 2.03338C2.01882 2.03267 2.01474 2.0277 2.00709 2.01846C2.00127 2.01146 1.99904 2.0053 2.00038 2ZM10.9423 13.2542C11.4761 13.2562 12.0091 13.2565 12.5413 13.2549C12.5424 13.2549 12.5435 13.2546 12.5444 13.254C12.5454 13.2534 12.5462 13.2526 12.5467 13.2516C12.5472 13.2506 12.5474 13.2495 12.5474 13.2484C12.5473 13.2474 12.5469 13.2463 12.5463 13.2454L5.06886 2.78685C5.06717 2.78449 5.06493 2.78257 5.06232 2.78124C5.0597 2.77992 5.0568 2.77922 5.05385 2.77922H3.4444C3.44365 2.77922 3.44291 2.77943 3.44227 2.77981C3.44164 2.78019 3.44111 2.78074 3.44077 2.78139C3.44042 2.78204 3.44027 2.78277 3.44032 2.7835C3.44036 2.78423 3.44062 2.78494 3.44104 2.78554C5.93025 6.26715 8.41957 9.74898 10.909 13.231C10.9202 13.2468 10.92 13.2541 10.9423 13.2542Z" fill="currentColor"></path></svg></a><span class="Blog_divider__ULY6W">路</span><time class="Blog_date__RKpq9">Sep 06, 2022</time></div><div class="Blog_cover__22FQK"><img height="100%" src="/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp"/></div><div class="Blog_text__PHSp3"><p>In previous blog posts, we discussed what鈥檚 involved in the process of <a target="_blank" href="https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis">detecting GraphQL servers</a>. Threat actors don鈥檛 stop there, the identification of a target is only the initial step in the process of achieving the greater goal of compromising a GraphQL API target.</p> <p>You鈥檝e identified a GraphQL server, now what? Well, the next step in the process is to learn all you can about the specific server. You may be asking yourself, aren鈥檛 all GraphQL servers the same; they just provide an API layer to some application? While this is true, the first thing you should know is that there are <strong>many</strong> GraphQL server implementations, not all of them are mature, and not all of them are well maintained.</p> <p>Let鈥檚 explore some of the GraphQL servers that are out there today. A good source for this is the <a target="_blank" href="https://graphql.org/code">https://graphql.org/code</a> website, which lists client libraries, servers, tools as well services by the language they were written in. For this post, we鈥檙e going to focus only on server implementations. Below chart illustrates the number of GraphQL server implementations available today by language. You can find the detailed table at the bottom of this post.</p> <p><img src="https://cms.inigo.io/uploads/Graph_QL_Servers_Breakdown_fd16991ddd.png" alt="GraphQL Servers Breakdown.png"></p> <p>As you can see, there are many different server implementations. Most notable are PHP (22.8%) Golang (12.3%) JavaScript (10.5%) Java (8.8%) and Python (7%).</p> <p>Why is this important? When threat actors target an application or server, they need to gather a few key data points to increase their chances of successfully breaking in:</p> <ol> <li>What platform is running?</li> <li>Is the source code available?</li> <li>What version is it on?</li> <li>Are there any known vulnerabilities for it?</li> <li>Are there any available exploits for the vulnerabilities?</li> <li>What security features are built into it?</li> <li>Are there any insecure settings shipped by default?</li> </ol> <p>To be able to know the answer to these questions, you first need to fingerprint the target. But how do you fingerprint an API? Since GraphQL is just an API layer, you may be asking yourself: how would someone know what GraphQL implementation it is if they should all conform with the specification and return the same predictable response structure? Well, if you craft a careful enough payload that the server does not expect, all it will take is a small and subtle difference in the response to distinguish one server from another. Let鈥檚 explore what this looks like.</p> <p><img src="https://cms.inigo.io/uploads/Graph_QL_Server_Fingerprint_3a6d01008b.png" alt="GraphQL Server Fingerprint.png"></p> <p>GraphQL supports three operation types: query, mutation and subscription as described in section 2.3 Operations in the <a target="_blank" href="https://spec.graphql.org/October2021/#sec-Language.Operations">GraphQL specification</a>. What would happen if an operation that doesn鈥檛 exist is provided, and what would the server respond with? Let鈥檚 find out:</p> <pre><code>queryyy { # notice the typo __typename } </code></pre> <p>Using curl, we will send this malformed query to an Apollo-based GraphQL server</p> <pre><code>$ curl -s -X POST http://apollo.example.local -H &quot;Content-Type: application/json&quot; -d '{&quot;query&quot;:&quot;queryyy { __typename }&quot;}' | jq { &quot;errors&quot;: [ { &quot;message&quot;: &quot;Syntax Error: Unexpected Name \&quot;queryyy\&quot;.&quot;, &quot;extensions&quot;: { &quot;code&quot;: &quot;GRAPHQL_PARSE_FAILED&quot; } } ] } </code></pre> <p>So, we have an errors key with a message of <strong>Syntax Error: Unexpected Name &quot;queryyy&quot;</strong>. Now, let鈥檚 do the same against a Graphene-based GraphQL server, a Python-based implementation.</p> <pre><code>$ curl -s -X POST http://graphene.example.local -H &quot;Content-Type: application/json&quot; -d '{&quot;query&quot;:&quot;queryyy { __typename }&quot;}' | jq { &quot;errors&quot;: [ { &quot;message&quot;: &quot;Syntax Error GraphQL (1:1) Unexpected Name \&quot;queryyy\&quot; \n1: queryyy { __typename }\n ^\n&quot;, &quot;locations&quot;: [ { &quot;line&quot;: 1, &quot;column&quot;: 1 } ] } ] } </code></pre> <p>Now we see that the error message is a little different. For example, instead of <strong>Syntax Error</strong> we now get <strong>Syntax Error GraphQL</strong> in the error message. This is an obvious difference that can help us pinpoint the implementation.</p> <p>Tools that perform GraphQL fingerprinting surfaced over the years, such as <a target="_blank" href="https://github.com/dolevf/graphw00f">Graphw00f</a> that make use of these subtle differences to arm ethical hackers with the necessary knowledge and give them the ability to perform more educated guesses during penetration tests.</p> <p>We mentioned earlier that some implementations are more mature than others, and offer protections that others don鈥檛. In future posts, we will cover various vulnerabilities of different implementations. Whether you are using a popular GraphQL server implementation, or completely wrote your own custom implementation, Inigo abstracts your GraphQL API layer and provides security protections so you don鈥檛 need to worry about securing your GraphQL server, we do that for you.</p> <h2 id="List%20of%20GraphQL%20server%20implementations%20available%20as%20of%20this%20writing">List of GraphQL server implementations available as of this writing</h2> <table> <thead> <tr> <th>#</th> <th>Implementation</th> <th>Language</th> <th>URL</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>graphql-js</td> <td>JavaScript</td> <td>https://graphql.org/graphql-js/</td> </tr> <tr> <td>2</td> <td>apollo</td> <td>JavaScript</td> <td>https://github.com/apollographql/apollo-server</td> </tr> <tr> <td>3</td> <td>graphql-yoga</td> <td>JavaScript</td> <td>https://github.com/dotansimha/graphql-yoga</td> </tr> <tr> <td>4</td> <td>express-graphql</td> <td>JavaScript</td> <td>https://github.com/graphql/express-graphql</td> </tr> <tr> <td>5</td> <td>mercurius</td> <td>JavaScript</td> <td>https://github.com/mercurius-js/mercurius</td> </tr> <tr> <td>6</td> <td>graphql-helix</td> <td>JavaScript</td> <td>https://github.com/contra/graphql-helix</td> </tr> <tr> <td>7</td> <td>graphql-go</td> <td>Golang</td> <td>https://github.com/graphql-go/graphql</td> </tr> <tr> <td>8</td> <td>gqlgen</td> <td>Golang</td> <td>https://github.com/99designs/gqlgen</td> </tr> <tr> <td>9</td> <td>graphql-go (graph-gophers)</td> <td>Golang</td> <td>https://github.com/graph-gophers/graphql-go</td> </tr> <tr> <td>10</td> <td>thunder</td> <td>Golang</td> <td>https://github.com/samsarahq/thunder</td> </tr> <tr> <td>11</td> <td>graphql-relay-go</td> <td>Golang</td> <td>https://github.com/graphql-go/relay</td> </tr> <tr> <td>12</td> <td>jaal</td> <td>Golang</td> <td>https://github.com/appointy/jaal</td> </tr> <tr> <td>13</td> <td>eggql</td> <td>Golang</td> <td>https://github.com/andrewwphillips/eggql</td> </tr> <tr> <td>14</td> <td>api-platform</td> <td>PHP</td> <td>https://api-platform.com/</td> </tr> <tr> <td>15</td> <td>graphql-php</td> <td>PHP</td> <td>https://github.com/webonyx/graphql-php</td> </tr> <tr> <td>16</td> <td>WPGraphQL</td> <td>PHP</td> <td>https://github.com/wp-graphql/wp-graphql</td> </tr> <tr> <td>17</td> <td>Lighthouse</td> <td>PHP</td> <td>https://github.com/nuwave/lighthouse</td> </tr> <tr> <td>18</td> <td>Siler</td> <td>PHP</td> <td>https://github.com/leocavalcante/siler</td> </tr> <tr> <td>19</td> <td>GraphQLBundle</td> <td>PHP</td> <td>https://github.com/overblog/GraphQLBundle</td> </tr> <tr> <td>20</td> <td>GraphQLite</td> <td>PHP</td> <td>https://github.com/thecodingmachine/graphqlite</td> </tr> <tr> <td>21</td> <td>Ralit</td> <td>PHP</td> <td>https://github.com/railt/railt</td> </tr> <tr> <td>22</td> <td>graphql-relay-php</td> <td>PHP</td> <td>https://github.com/ivome/graphql-relay-php</td> </tr> <tr> <td>23</td> <td>GraphQL by PoP</td> <td>PHP</td> <td>https://github.com/leoloso/PoP</td> </tr> <tr> <td>24</td> <td>GraphQL API for WordPress</td> <td>PHP</td> <td>https://github.com/leoloso/PoP</td> </tr> <tr> <td>25</td> <td>GraPHPinator</td> <td>PHP</td> <td>https://github.com/infinityloop-dev/graphpinator</td> </tr> <tr> <td>26</td> <td>serge</td> <td>PHP</td> <td>https://github.com/kepawni/serge</td> </tr> <tr> <td>27</td> <td>graphql-java</td> <td>Java</td> <td>https://github.com/graphql-java/graphql-java</td> </tr> <tr> <td>28</td> <td>Domain Graph Service (DGS) Framework</td> <td>Java</td> <td>https://github.com/netflix/dgs-framework</td> </tr> <tr> <td>29</td> <td>graphql-kotlin</td> <td>Java</td> <td>https://github.com/ExpediaGroup/graphql-kotlin</td> </tr> <tr> <td>30</td> <td>GraphQL Spring Boot</td> <td>Java</td> <td>https://github.com/graphql-java-kickstart/graphql-spring-boot</td> </tr> <tr> <td>31</td> <td>KGraphQL</td> <td>Java</td> <td>https://github.com/aPureBase/KGraphQL</td> </tr> <tr> <td>32</td> <td>graphql-dotnet</td> <td>C# / .NET</td> <td>https://github.com/graphql-dotnet/graphql-dotnet</td> </tr> <tr> <td>33</td> <td>Hot Chocolate</td> <td>C# / .NET</td> <td>https://github.com/ChilliCream/hotchocolate</td> </tr> <tr> <td>34</td> <td>NGraphQL</td> <td>C# / .NET</td> <td>https://github.com/rivantsov/ngraphql</td> </tr> <tr> <td>35</td> <td>Graphene</td> <td>Python</td> <td>https://github.com/graphql-python/graphene</td> </tr> <tr> <td>36</td> <td>Strawberry</td> <td>Python</td> <td>https://github.com/strawberry-graphql/strawberry</td> </tr> <tr> <td>37</td> <td>Ariadne</td> <td>Python</td> <td>https://github.com/mirumee/ariadne</td> </tr> <tr> <td>38</td> <td>Tartiflette</td> <td>Python</td> <td>https://github.com/tartiflette/tartiflette</td> </tr> <tr> <td>39</td> <td>Graphiti</td> <td>Swift</td> <td>https://github.com/GraphQLSwift/Graphiti</td> </tr> <tr> <td>40</td> <td>GraphZahl</td> <td>Swift</td> <td>https://github.com/nerdsupremacist/GraphZahl</td> </tr> <tr> <td>41</td> <td>Juniper</td> <td>Rust</td> <td>https://github.com/graphql-rust/juniper</td> </tr> <tr> <td>42</td> <td>Async-graphql</td> <td>Rust</td> <td>https://github.com/async-graphql/async-graphql</td> </tr> <tr> <td>43</td> <td>graphql-ruby</td> <td>Ruby</td> <td>https://github.com/rmosolgo/graphql-ruby</td> </tr> <tr> <td>44</td> <td>Agoo</td> <td>Ruby</td> <td>https://github.com/ohler55/agoo</td> </tr> <tr> <td>45</td> <td>Absinthe</td> <td>Elixir</td> <td>https://github.com/absinthe-graphql/absinthe</td> </tr> <tr> <td>46</td> <td>graphql-elixir</td> <td>Elixir</td> <td>https://github.com/graphql-elixir/graphql</td> </tr> <tr> <td>47</td> <td>Sangria</td> <td>Scala</td> <td>https://github.com/sangria-graphql/sangria</td> </tr> <tr> <td>48</td> <td>Caliban</td> <td>Scala</td> <td>https://github.com/ghostdogpr/caliban</td> </tr> <tr> <td>49</td> <td>Iacinia</td> <td>Clojure</td> <td>https://github.com/walmartlabs/lacinia</td> </tr> <tr> <td>50</td> <td>graphql-cli</td> <td>Clojure</td> <td>https://github.com/tendant/graphql-clj</td> </tr> <tr> <td>51</td> <td>alumbra</td> <td>Clojure</td> <td>https://github.com/alumbra/alumbra</td> </tr> <tr> <td>52</td> <td>Morpheus GraphQL</td> <td>Haskell</td> <td>https://github.com/morpheusgraphql/morpheus-graphql</td> </tr> <tr> <td>53</td> <td>Mu-Haskell</td> <td>Haskell</td> <td>https://github.com/higherkindness/mu-haskell</td> </tr> <tr> <td>54</td> <td>ocaml-graphql-server</td> <td>OCaml</td> <td>https://github.com/andreas/ocaml-graphql-server</td> </tr> <tr> <td>55</td> <td>graphql-erlang</td> <td>Erlang</td> <td>https://github.com/jlouis/graphql-erlang</td> </tr> <tr> <td>56</td> <td>ghql</td> <td>R</td> <td>https://github.com/ropensci/ghql</td> </tr> <tr> <td>57</td> <td>gorm-graphql</td> <td>Groovy</td> <td>https://github.com/grails/gorm-graphql</td> </tr> <tr> <td>58</td> <td>graphql-perl</td> <td>Perl</td> <td>https://github.com/graphql-perl/graphql-perl</td> </tr> <tr> <td>59</td> <td>graphqld</td> <td>D</td> <td>https://github.com/burner/graphqld</td> </tr> </tbody> </table> </div></div></div></div></section><div class="Blog_section__rJEq5 Blog_getStarted__Kzhdd dark undefined" data-section="__get_started"><div class="Blog_container___FXXS container"><div class="Blog_card__N6nuN"><span class="Blog_title__fzP73">Ready <!-- --><strong>to accelerate</strong> your GraphQL adoption?<!-- --></span><div class="Blog_actions__v4MsO"><a href="https://app.inigo.io" target="_blank"><div class="Button_button__vjyUx" data-type="primary" data-size="default">Start Inigo for free<!-- --></div></a><div class="Blog_caption__kylxA">*No credit card needed</div></div></div><div class="Blog_card__N6nuN"><span class="Blog_title__fzP73">Join our <!-- --><strong>newsletter</strong></span><div class="Blog_actions__v4MsO"><div class="Subscribe_subscribe__fdAxO"><div class="Subscribe_input__4SSQ5"><div class="Input_container__uVEry Input_disableClear__j5G8v" data-state="default"><div class="Input_field__78goo"><input class="Input_input__T9DSh" type="text" placeholder="Enter your email" value=""/></div></div><div class="Subscribe_tooltip__L8Jii"><svg width="16" height="18" viewBox="0 0 16 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.37141 2.38853C7.6304 1.87049 8.3696 1.87049 8.62859 2.38854L15.9249 16.9828C16.1585 17.4501 15.8187 18 15.2963 18H0.703694C0.181255 18 -0.15854 17.4501 0.0751019 16.9828L7.37141 2.38853Z" fill="#FFC836"></path><path d="M7.71541 6.25414C7.30215 6.25414 6.97809 6.60903 7.01551 7.02064L7.61681 13.6357C7.63482 13.8339 7.801 13.9857 8.00001 13.9857C8.19903 13.9857 8.3652 13.8339 8.38322 13.6357L8.98452 7.02064C9.02193 6.60903 8.69788 6.25414 8.28462 6.25414H7.71541Z" fill="white"></path><path d="M8 16.7971C8.58221 16.7971 9.05418 16.3251 9.05418 15.7428C9.05418 15.1606 8.58221 14.6885 8 14.6885C7.41779 14.6885 6.94582 15.1606 6.94582 15.7428C6.94582 16.3251 7.41779 16.7971 8 16.7971Z" fill="white"></path></svg>Please enter valid email.<!-- --></div></div><button class="Button_button__vjyUx" data-disabled="false" data-type="primary" data-size="default">Subscribe<!-- --></button></div></div></div></div></div><section class="Blog_section__rJEq5 Blog_related__KEL4A Blog_fullRelated__8aCvq dark" data-section="more"><div class="container Blog_container___FXXS"><div class="Posts_posts__TsKSt Posts_alternate__4SC8P"><div class="Posts_blur__wN2Tw"><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div></div><a class="Posts_post__DbZ9o" href="/blog/dry-graphql-type-similarity-linting"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/DRY_in_GraphQL-_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 11, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Nikolai Kaploniuk</div></div><h3>DRY in GraphQL: How the Type Similarity Linting Rule Keeps Your Schema Clean</h3><div class="Posts_footer__z7JYC"><a href="/blog/dry-graphql-type-similarity-linting"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-vercel-support"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog__-_Manage_GraphQL_with_Vercel.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 05, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Adam Benhassen &amp; Michael Skorokhodov</div></div><h3>Why We Added Vercel Support and What It Means for Developers</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-vercel-support"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-schema-checks-with-github-actions"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 19, 2024</div><div class="Posts_divider__Dy9Z5">路</div><div>Nikolai Kaploniuk</div></div><h3>GraphQL Schema Checks with GitHub Actions</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-schema-checks-with-github-actions"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a></div></div></section></div><div class="Footer_footer__AaBZs dark"><div class="container"><div class="Footer_main__Pz_IY"><div class="Footer_left__g5Jwd"><a href="/"><img class="Footer_logo__RdbIO" width="127" height="36" alt="Inigo Logo" src="/img/logo_alternate.svg" loading="lazy"/></a></div><div class="Footer_navigation__97Tfv"><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Product<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/observability">In-Depth Observability<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/managed_schema">Schema Registry<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="security">Multi-Layer Security<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="explorer">GraphQL Explorer<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Solutions <!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="gateway">Inigo&#x27;s GraphQL Router<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byog">Inigo鈥檚 Apollo Plugin<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byos">Inigo鈥檚 GraphQL Middleware<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="api-gateway">API Gateway Integration<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Learn<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="blog">Blog<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io">Docs<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io/tutorials/tutorials_part_1">Tutorials<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="apollo-vs-inigo">Inigo vs. GraphOS<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="media">Media &amp; Webinars<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="press">Press<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Company<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="about">About us<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="legal">Legal<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://reddit.com/user/InigoGraphQL">Reddit<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://www.linkedin.com/company/inigo">LinkedIn<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://github.com/inigolabs">GitHub<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://landing.inigo.io/demo">Contact us<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div></div></div></div></div><div class="Footer_copyright__E_szu"><span>Copyright 漏 <!-- -->2024<!-- --> Inigo Labs, Inc. <!-- -->| <!-- --> All Rights Reserved. <!-- -->| <!-- --><a href="https://status.inigo.io" target="_blank">Systems Status</a></span></div></div></div><script async="" src="https://embed.savvycal.com/v1/embed.js"></script><script> window.SavvyCal=window.SavvyCal||function(){(SavvyCal.q=SavvyCal.q||[]).push(arguments)}; </script><script> SavvyCal('init'); </script></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"pages":[{"pid":"kubecon-na-2022","title":"kubecon-na-2022"},{"pid":"press","title":"press"},{"pid":"about","title":"about"},{"pid":"home","title":"home"},{"pid":"__security","title":"__security"},{"pid":"query_protection","title":"query_protection"},{"pid":"access_control","title":"access_control"},{"pid":"rate_limiting","title":"rate_limiting"},{"pid":"managed_federation","title":"managed_federation"},{"pid":"careers","title":"careers"},{"pid":"observability","title":"observability"},{"pid":"managed_schema","title":"managed_schema"},{"pid":"security","title":"security"},{"pid":"explorer","title":"explorer"},{"pid":"solutions","title":"solutions"},{"pid":"byog","title":"byog"},{"pid":"api-gateway","title":"api-gateway"},{"pid":"byos","title":"byos"},{"pid":"gateway","title":"gateway"}],"headerNavigation":[{"id":14,"Title":"Product","ref":null,"children":[{"id":65,"title":"In-Depth Observability","ref":"observability","description":"Analytics, Errors and Alerting","color":"#8F8CE1","icon":{"data":{"id":471,"attributes":{"name":"icon_monitoring.svg","alternativeText":"icon_monitoring.svg","caption":"icon_monitoring.svg","width":48,"height":48,"hash":"icon_monitoring_4d769619ee","ext":".svg","mime":"image/svg+xml","size":0.56,"url":"/img/strapi/icon_monitoring.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T15:44:24.623Z","updatedAt":"2023-12-26T15:44:24.623Z"}}},"children":[]},{"id":68,"title":"Schema Registry","ref":"managed_schema","description":"Composition, Schema Checks, Registry and Linting","color":"#AC44EF","icon":{"data":{"id":480,"attributes":{"name":"icon_schema.svg","alternativeText":"icon_schema.svg","caption":"icon_schema.svg","width":48,"height":48,"hash":"icon_schema_dd41bc4feb","ext":".svg","mime":"image/svg+xml","size":2.12,"url":"/img/strapi/icon_schema.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:40:51.519Z","updatedAt":"2023-12-26T16:40:51.519Z"}}},"children":[]},{"id":67,"title":"Multi-Layer Security","ref":"security","description":"Rate Limiting and Query Protection","color":"#84ACF3","icon":{"data":{"id":486,"attributes":{"name":"icon_security.svg","alternativeText":"icon_security.svg","caption":"icon_security.svg","width":48,"height":48,"hash":"icon_security_a3240ef9ab","ext":".svg","mime":"image/svg+xml","size":1.8,"url":"/img/strapi/icon_security.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:53:58.372Z","updatedAt":"2023-12-26T16:53:58.372Z"}}},"children":[]},{"id":66,"title":"GraphQL Explorer","ref":"explorer","description":"Collaborative Query Builder","color":"#D4B053","icon":{"data":{"id":491,"attributes":{"name":"icon_playground.svg","alternativeText":"icon_playground.svg","caption":"icon_playground.svg","width":48,"height":48,"hash":"icon_playground_b055fdcfa3","ext":".svg","mime":"image/svg+xml","size":1.05,"url":"/img/strapi/icon_playground.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T17:03:25.614Z","updatedAt":"2023-12-26T17:03:25.614Z"}}},"children":[]}]},{"id":17,"Title":"Solutions","ref":null,"children":[{"id":92,"title":"Use cases","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":15,"title":"Inigo's GraphQL Router","ref":"gateway","icon":{"data":{"id":644,"attributes":{"name":"nav_inigo.svg","alternativeText":"nav_inigo.svg","caption":"nav_inigo.svg","width":16,"height":16,"hash":"nav_inigo_74f7ea23d1","ext":".svg","mime":"image/svg+xml","size":5.26,"url":"/img/strapi/nav_inigo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:36:05.083Z","updatedAt":"2024-08-23T14:36:05.083Z"}}}},{"id":12,"title":"Inigo鈥檚 Apollo Plugin","ref":"byog","icon":{"data":{"id":641,"attributes":{"name":"nav_byog.svg","alternativeText":"nav_byog.svg","caption":"nav_byog.svg","width":16,"height":16,"hash":"nav_byog_c44e9018e9","ext":".svg","mime":"image/svg+xml","size":6.93,"url":"/img/strapi/nav_byog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:37.325Z","updatedAt":"2024-08-23T14:35:37.325Z"}}}},{"id":11,"title":"Inigo鈥檚 GraphQL Middleware","ref":"byos","icon":{"data":{"id":642,"attributes":{"name":"nav_byos.svg","alternativeText":"nav_byos.svg","caption":"nav_byos.svg","width":16,"height":16,"hash":"nav_byos_f05073cea1","ext":".svg","mime":"image/svg+xml","size":0.85,"url":"/img/strapi/nav_byos.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:47.192Z","updatedAt":"2024-08-23T14:35:47.192Z"}}}},{"id":13,"title":"API Gateway Integration","ref":"api-gateway","icon":{"data":{"id":643,"attributes":{"name":"nav_api.svg","alternativeText":"nav_api.svg","caption":"nav_api.svg","width":16,"height":16,"hash":"nav_api_e27c691a68","ext":".svg","mime":"image/svg+xml","size":1.41,"url":"/img/strapi/nav_api.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:57.287Z","updatedAt":"2024-08-23T14:35:57.287Z"}}}}]},{"id":93,"title":"Integrations","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":21,"title":"Apollo Server","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_plugin","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":22,"title":"Apollo Gateway","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_gateway","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":20,"title":"Apollo Router","ref":"https://docs.inigo.io/product/agent_installation/rust_apollo_router","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":23,"title":"Guild Yoga","ref":"https://docs.inigo.io/product/agent_installation/yoga","icon":{"data":{"id":624,"attributes":{"name":"logo yoga.svg","alternativeText":"logo yoga.svg","caption":"logo yoga.svg","width":16,"height":16,"hash":"logo_yoga_44d58eb36e","ext":".svg","mime":"image/svg+xml","size":6.55,"url":"/img/strapi/logo_yoga.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:21.568Z","updatedAt":"2024-08-02T14:35:21.568Z"}}}},{"id":24,"title":"Python Django","ref":"https://docs.inigo.io/product/agent_installation/python_django","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":25,"title":"Python Flask","ref":"https://docs.inigo.io/product/agent_installation/python_flask","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":26,"title":"Ruby on Rails","ref":"https://docs.inigo.io/product/agent_installation/ruby_on_rails","icon":{"data":{"id":626,"attributes":{"name":"Rails.svg","alternativeText":"Rails.svg","caption":"Rails.svg","width":16,"height":16,"hash":"Rails_0ad6e72312","ext":".svg","mime":"image/svg+xml","size":3.05,"url":"/img/strapi/Rails.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:05.667Z","updatedAt":"2024-08-20T16:19:19.312Z"}}}},{"id":27,"title":"Kubernetes Sidecar","ref":"https://docs.inigo.io/product/agent_installation/kubernetes","icon":{"data":{"id":627,"attributes":{"name":"Kubernetes.svg","alternativeText":"Kubernetes.svg","caption":"Kubernetes.svg","width":16,"height":16,"hash":"Kubernetes_94709cae0f","ext":".svg","mime":"image/svg+xml","size":11.32,"url":"/img/strapi/Kubernetes.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:16.514Z","updatedAt":"2024-08-02T14:36:16.514Z"}}}},{"id":30,"title":"Docker Standalone","ref":"https://docs.inigo.io/product/agent_installation/docker_standalone","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":28,"title":"Docker Compose","ref":"https://docs.inigo.io/product/agent_installation/docker_compose","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":29,"title":"Local Daemon","ref":"https://docs.inigo.io/product/agent_installation/standalone_agent","icon":{"data":{"id":645,"attributes":{"name":"local.svg","alternativeText":"local.svg","caption":"local.svg","width":16,"height":16,"hash":"local_5ba2d666f4","ext":".svg","mime":"image/svg+xml","size":0.27,"url":"/img/strapi/local.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:39:16.170Z","updatedAt":"2024-08-23T14:39:16.170Z"}}}},{"id":31,"title":"Kong","ref":"https://docs.inigo.io/product/agent_installation/kong","icon":{"data":{"id":631,"attributes":{"name":"Kong.svg","alternativeText":"Kong.svg","caption":"Kong.svg","width":17,"height":16,"hash":"Kong_3c06a74bde","ext":".svg","mime":"image/svg+xml","size":4.34,"url":"/img/strapi/Kong.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:16.806Z","updatedAt":"2024-08-02T14:37:16.806Z"}}}},{"id":32,"title":"Google Cloud Apigee","ref":"https://docs.inigo.io/product/agent_installation/apigee","icon":{"data":{"id":632,"attributes":{"name":"API.svg","alternativeText":"API.svg","caption":"API.svg","width":16,"height":16,"hash":"API_5e1d30f296","ext":".svg","mime":"image/svg+xml","size":3.71,"url":"/img/strapi/API.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:26.601Z","updatedAt":"2024-08-02T14:37:26.601Z"}}}},{"id":33,"title":"Hasura","ref":"https://docs.inigo.io/product/agent_installation/hasura","icon":{"data":{"id":573,"attributes":{"name":"Hasura.svg","alternativeText":"Hasura.svg","caption":"Hasura.svg","width":32,"height":32,"hash":"Hasura_2beedf3588","ext":".svg","mime":"image/svg+xml","size":2.46,"url":"/img/strapi/Hasura.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-04-05T12:51:01.009Z","updatedAt":"2024-04-05T12:51:01.009Z"}}}}]}]},{"id":15,"Title":"Pricing","ref":"pricing","children":[]},{"id":20,"Title":"Docs","ref":"https://docs.inigo.io","children":[]},{"id":2,"Title":"Blog","ref":"blog","children":[]},{"id":11,"Title":"Learn","ref":null,"children":[{"id":79,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null,"icon":{"data":{"id":517,"attributes":{"name":"Tutorials.svg","alternativeText":"Tutorials.svg","caption":"Tutorials.svg","width":32,"height":32,"hash":"Tutorials_00ddeec014","ext":".svg","mime":"image/svg+xml","size":0.52,"url":"/img/strapi/Tutorials.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:22:42.230Z","updatedAt":"2024-02-01T16:22:42.230Z"}}},"children":[]},{"id":81,"title":"Inigo vs GraphOS","ref":"apollo-vs-inigo","description":null,"color":null,"icon":{"data":{"id":518,"attributes":{"name":"discovery.svg","alternativeText":"discovery.svg","caption":"discovery.svg","width":32,"height":32,"hash":"discovery_cea17bed6b","ext":".svg","mime":"image/svg+xml","size":1.58,"url":"/img/strapi/discovery.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:12.221Z","updatedAt":"2024-02-01T16:23:12.221Z"}}},"children":[]},{"id":77,"title":"Company","ref":"about","description":null,"color":null,"icon":{"data":{"id":515,"attributes":{"name":"blog.svg","alternativeText":"blog.svg","caption":"blog.svg","width":32,"height":32,"hash":"blog_1efe751850","ext":".svg","mime":"image/svg+xml","size":0.84,"url":"/img/strapi/blog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:21:23.173Z","updatedAt":"2024-02-01T16:21:23.173Z"}}},"children":[]},{"id":80,"title":"Media \u0026 Webinars","ref":"media","description":null,"color":null,"icon":{"data":{"id":519,"attributes":{"name":"YouTube.svg","alternativeText":"YouTube.svg","caption":"YouTube.svg","width":32,"height":32,"hash":"You_Tube_7de9bfa780","ext":".svg","mime":"image/svg+xml","size":1.15,"url":"/img/strapi/YouTube.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:29.009Z","updatedAt":"2024-02-01T16:23:29.009Z"}}},"children":[]},{"id":94,"title":"Press","ref":"press","description":null,"color":null,"icon":{"data":{"id":174,"attributes":{"name":"press.svg","alternativeText":"press.svg","caption":"press.svg","width":24,"height":24,"hash":"press_784b5b1b4b","ext":".svg","mime":"image/svg+xml","size":1.69,"url":"/img/strapi/press.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-01-26T16:40:35.744Z","updatedAt":"2023-01-26T16:40:35.744Z"}}},"children":[]}]}],"footerNavigation":[{"id":8,"Title":"Product","ref":null,"children":[{"id":22,"title":"In-Depth Observability","ref":"/observability","description":null,"color":null},{"id":72,"title":"Schema Registry","ref":"/managed_schema","description":null,"color":null},{"id":73,"title":"Multi-Layer Security","ref":"security","description":null,"color":null},{"id":74,"title":"GraphQL Explorer","ref":"explorer","description":null,"color":null}]},{"id":19,"Title":"Solutions ","ref":null,"children":[{"id":103,"title":"Inigo's GraphQL Router","ref":"gateway","description":null,"color":null},{"id":96,"title":"Inigo鈥檚 Apollo Plugin","ref":"byog","description":null,"color":null},{"id":97,"title":"Inigo鈥檚 GraphQL Middleware","ref":"byos","description":null,"color":null},{"id":98,"title":"API Gateway Integration","ref":"api-gateway","description":null,"color":null}]},{"id":16,"Title":"Learn","ref":null,"children":[{"id":70,"title":"Blog","ref":"blog","description":null,"color":null},{"id":71,"title":"Docs","ref":"https://docs.inigo.io","description":null,"color":null},{"id":69,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null},{"id":75,"title":"Inigo vs. GraphOS","ref":"apollo-vs-inigo","description":null,"color":null},{"id":76,"title":"Media \u0026 Webinars","ref":"media","description":null,"color":null},{"id":95,"title":"Press","ref":"press","description":null,"color":null}]},{"id":6,"Title":"Company","ref":null,"children":[{"id":64,"title":"About us","ref":"about","description":null,"color":null},{"id":104,"title":"Legal","ref":"legal","description":null,"color":null},{"id":99,"title":"Reddit","ref":"https://reddit.com/user/InigoGraphQL","description":null,"color":null},{"id":100,"title":"LinkedIn","ref":"https://www.linkedin.com/company/inigo","description":null,"color":null},{"id":102,"title":"GitHub","ref":"https://github.com/inigolabs","description":null,"color":null},{"id":101,"title":"Contact us","ref":"https://landing.inigo.io/demo","description":null,"color":null}]}],"banner":{"text":"Inigo Gateway: The Next Evolution in GraphQL Management","link":"https://inigo.io/blog/inigo-gateway","createdAt":"2023-12-12T20:28:12.753Z","updatedAt":"2024-10-23T15:36:52.420Z","publishedAt":"2023-12-12T20:28:13.815Z"},"navigation":[{"id":"List%20of%20GraphQL%20server%20implementations%20available%20as%20of%20this%20writing","text":"List of GraphQL server implementations available as of this writing","level":"2"}],"prev":{"attributes":{"path":"how_threat_actors_detect_your_graphql_apis","title":"How threat actors detect your GraphQL APIs"}},"next":{"attributes":{"path":"what_makes_defending_graphql_apis_is_challenging_to_security_engineers","title":"What makes defending GraphQL APIs challenging to security engineers"}},"post":{"id":7,"attributes":{"title":"How threat actors fingerprint your GraphQL APIs","author":"Shahar Binyamin \u0026 Inigo team","text":"\u003cp\u003eIn previous blog posts, we discussed what鈥檚 involved in the process of \u003ca target=\"_blank\" href=\"https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis\"\u003edetecting GraphQL servers\u003c/a\u003e. Threat actors don鈥檛 stop there, the identification of a target is only the initial step in the process of achieving the greater goal of compromising a GraphQL API target.\u003c/p\u003e\n\u003cp\u003eYou鈥檝e identified a GraphQL server, now what? Well, the next step in the process is to learn all you can about the specific server. You may be asking yourself, aren鈥檛 all GraphQL servers the same; they just provide an API layer to some application? While this is true, the first thing you should know is that there are \u003cstrong\u003emany\u003c/strong\u003e GraphQL server implementations, not all of them are mature, and not all of them are well maintained.\u003c/p\u003e\n\u003cp\u003eLet鈥檚 explore some of the GraphQL servers that are out there today. A good source for this is the \u003ca target=\"_blank\" href=\"https://graphql.org/code\"\u003ehttps://graphql.org/code\u003c/a\u003e website, which lists client libraries, servers, tools as well services by the language they were written in. For this post, we鈥檙e going to focus only on server implementations. Below chart illustrates the number of GraphQL server implementations available today by language. You can find the detailed table at the bottom of this post.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://cms.inigo.io/uploads/Graph_QL_Servers_Breakdown_fd16991ddd.png\" alt=\"GraphQL Servers Breakdown.png\"\u003e\u003c/p\u003e\n\u003cp\u003eAs you can see, there are many different server implementations. Most notable are PHP (22.8%) Golang (12.3%) JavaScript (10.5%) Java (8.8%) and Python (7%).\u003c/p\u003e\n\u003cp\u003eWhy is this important? When threat actors target an application or server, they need to gather a few key data points to increase their chances of successfully breaking in:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhat platform is running?\u003c/li\u003e\n\u003cli\u003eIs the source code available?\u003c/li\u003e\n\u003cli\u003eWhat version is it on?\u003c/li\u003e\n\u003cli\u003eAre there any known vulnerabilities for it?\u003c/li\u003e\n\u003cli\u003eAre there any available exploits for the vulnerabilities?\u003c/li\u003e\n\u003cli\u003eWhat security features are built into it?\u003c/li\u003e\n\u003cli\u003eAre there any insecure settings shipped by default?\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eTo be able to know the answer to these questions, you first need to fingerprint the target. But how do you fingerprint an API? Since GraphQL is just an API layer, you may be asking yourself: how would someone know what GraphQL implementation it is if they should all conform with the specification and return the same predictable response structure? Well, if you craft a careful enough payload that the server does not expect, all it will take is a small and subtle difference in the response to distinguish one server from another. Let鈥檚 explore what this looks like.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://cms.inigo.io/uploads/Graph_QL_Server_Fingerprint_3a6d01008b.png\" alt=\"GraphQL Server Fingerprint.png\"\u003e\u003c/p\u003e\n\u003cp\u003eGraphQL supports three operation types: query, mutation and subscription as described in section 2.3 Operations in the \u003ca target=\"_blank\" href=\"https://spec.graphql.org/October2021/#sec-Language.Operations\"\u003eGraphQL specification\u003c/a\u003e. What would happen if an operation that doesn鈥檛 exist is provided, and what would the server respond with? Let鈥檚 find out:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003equeryyy { # notice the typo\n __typename\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eUsing curl, we will send this malformed query to an Apollo-based GraphQL server\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ curl -s -X POST http://apollo.example.local -H \u0026quot;Content-Type: application/json\u0026quot; -d '{\u0026quot;query\u0026quot;:\u0026quot;queryyy { __typename }\u0026quot;}' | jq\n\n{\n \u0026quot;errors\u0026quot;: [\n {\n \u0026quot;message\u0026quot;: \u0026quot;Syntax Error: Unexpected Name \\\u0026quot;queryyy\\\u0026quot;.\u0026quot;,\n \u0026quot;extensions\u0026quot;: {\n \u0026quot;code\u0026quot;: \u0026quot;GRAPHQL_PARSE_FAILED\u0026quot;\n }\n }\n ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eSo, we have an errors key with a message of \u003cstrong\u003eSyntax Error: Unexpected Name \u0026quot;queryyy\u0026quot;\u003c/strong\u003e. Now, let鈥檚 do the same against a Graphene-based GraphQL server, a Python-based implementation.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ curl -s -X POST http://graphene.example.local -H \u0026quot;Content-Type: application/json\u0026quot; -d '{\u0026quot;query\u0026quot;:\u0026quot;queryyy { __typename }\u0026quot;}' | jq\n\n{\n \u0026quot;errors\u0026quot;: [\n {\n \u0026quot;message\u0026quot;: \u0026quot;Syntax Error GraphQL (1:1) Unexpected Name \\\u0026quot;queryyy\\\u0026quot;\n\\n1: queryyy { __typename }\\n ^\\n\u0026quot;,\n \u0026quot;locations\u0026quot;: [\n {\n \u0026quot;line\u0026quot;: 1,\n \u0026quot;column\u0026quot;: 1\n }\n ]\n }\n ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow we see that the error message is a little different. For example, instead of \u003cstrong\u003eSyntax Error\u003c/strong\u003e we now get \u003cstrong\u003eSyntax Error GraphQL\u003c/strong\u003e in the error message. This is an obvious difference that can help us pinpoint the implementation.\u003c/p\u003e\n\u003cp\u003eTools that perform GraphQL fingerprinting surfaced over the years, such as \u003ca target=\"_blank\" href=\"https://github.com/dolevf/graphw00f\"\u003eGraphw00f\u003c/a\u003e that make use of these subtle differences to arm ethical hackers with the necessary knowledge and give them the ability to perform more educated guesses during penetration tests.\u003c/p\u003e\n\u003cp\u003eWe mentioned earlier that some implementations are more mature than others, and offer protections that others don鈥檛. In future posts, we will cover various vulnerabilities of different implementations. Whether you are using a popular GraphQL server implementation, or completely wrote your own custom implementation, Inigo abstracts your GraphQL API layer and provides security protections so you don鈥檛 need to worry about securing your GraphQL server, we do that for you.\u003c/p\u003e\n\u003ch2 id=\"List%20of%20GraphQL%20server%20implementations%20available%20as%20of%20this%20writing\"\u003eList of GraphQL server implementations available as of this writing\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003e#\u003c/th\u003e\n\u003cth\u003eImplementation\u003c/th\u003e\n\u003cth\u003eLanguage\u003c/th\u003e\n\u003cth\u003eURL\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e1\u003c/td\u003e\n\u003ctd\u003egraphql-js\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://graphql.org/graphql-js/\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e2\u003c/td\u003e\n\u003ctd\u003eapollo\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/apollographql/apollo-server\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e3\u003c/td\u003e\n\u003ctd\u003egraphql-yoga\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/dotansimha/graphql-yoga\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e4\u003c/td\u003e\n\u003ctd\u003eexpress-graphql\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql/express-graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e5\u003c/td\u003e\n\u003ctd\u003emercurius\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/mercurius-js/mercurius\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e6\u003c/td\u003e\n\u003ctd\u003egraphql-helix\u003c/td\u003e\n\u003ctd\u003eJavaScript\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/contra/graphql-helix\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e7\u003c/td\u003e\n\u003ctd\u003egraphql-go\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-go/graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e8\u003c/td\u003e\n\u003ctd\u003egqlgen\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/99designs/gqlgen\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e9\u003c/td\u003e\n\u003ctd\u003egraphql-go (graph-gophers)\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graph-gophers/graphql-go\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e10\u003c/td\u003e\n\u003ctd\u003ethunder\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/samsarahq/thunder\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e11\u003c/td\u003e\n\u003ctd\u003egraphql-relay-go\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-go/relay\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e12\u003c/td\u003e\n\u003ctd\u003ejaal\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/appointy/jaal\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e13\u003c/td\u003e\n\u003ctd\u003eeggql\u003c/td\u003e\n\u003ctd\u003eGolang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/andrewwphillips/eggql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e14\u003c/td\u003e\n\u003ctd\u003eapi-platform\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://api-platform.com/\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e15\u003c/td\u003e\n\u003ctd\u003egraphql-php\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/webonyx/graphql-php\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e16\u003c/td\u003e\n\u003ctd\u003eWPGraphQL\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/wp-graphql/wp-graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e17\u003c/td\u003e\n\u003ctd\u003eLighthouse\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/nuwave/lighthouse\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e18\u003c/td\u003e\n\u003ctd\u003eSiler\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/leocavalcante/siler\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e19\u003c/td\u003e\n\u003ctd\u003eGraphQLBundle\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/overblog/GraphQLBundle\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e20\u003c/td\u003e\n\u003ctd\u003eGraphQLite\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/thecodingmachine/graphqlite\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e21\u003c/td\u003e\n\u003ctd\u003eRalit\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/railt/railt\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e22\u003c/td\u003e\n\u003ctd\u003egraphql-relay-php\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ivome/graphql-relay-php\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e23\u003c/td\u003e\n\u003ctd\u003eGraphQL by PoP\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/leoloso/PoP\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e24\u003c/td\u003e\n\u003ctd\u003eGraphQL API for WordPress\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/leoloso/PoP\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e25\u003c/td\u003e\n\u003ctd\u003eGraPHPinator\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/infinityloop-dev/graphpinator\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e26\u003c/td\u003e\n\u003ctd\u003eserge\u003c/td\u003e\n\u003ctd\u003ePHP\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/kepawni/serge\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e27\u003c/td\u003e\n\u003ctd\u003egraphql-java\u003c/td\u003e\n\u003ctd\u003eJava\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-java/graphql-java\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e28\u003c/td\u003e\n\u003ctd\u003eDomain Graph Service (DGS) Framework\u003c/td\u003e\n\u003ctd\u003eJava\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/netflix/dgs-framework\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e29\u003c/td\u003e\n\u003ctd\u003egraphql-kotlin\u003c/td\u003e\n\u003ctd\u003eJava\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ExpediaGroup/graphql-kotlin\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e30\u003c/td\u003e\n\u003ctd\u003eGraphQL Spring Boot\u003c/td\u003e\n\u003ctd\u003eJava\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-java-kickstart/graphql-spring-boot\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e31\u003c/td\u003e\n\u003ctd\u003eKGraphQL\u003c/td\u003e\n\u003ctd\u003eJava\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/aPureBase/KGraphQL\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e32\u003c/td\u003e\n\u003ctd\u003egraphql-dotnet\u003c/td\u003e\n\u003ctd\u003eC# / .NET\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-dotnet/graphql-dotnet\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e33\u003c/td\u003e\n\u003ctd\u003eHot Chocolate\u003c/td\u003e\n\u003ctd\u003eC# / .NET\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ChilliCream/hotchocolate\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e34\u003c/td\u003e\n\u003ctd\u003eNGraphQL\u003c/td\u003e\n\u003ctd\u003eC# / .NET\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/rivantsov/ngraphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e35\u003c/td\u003e\n\u003ctd\u003eGraphene\u003c/td\u003e\n\u003ctd\u003ePython\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-python/graphene\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e36\u003c/td\u003e\n\u003ctd\u003eStrawberry\u003c/td\u003e\n\u003ctd\u003ePython\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/strawberry-graphql/strawberry\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e37\u003c/td\u003e\n\u003ctd\u003eAriadne\u003c/td\u003e\n\u003ctd\u003ePython\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/mirumee/ariadne\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e38\u003c/td\u003e\n\u003ctd\u003eTartiflette\u003c/td\u003e\n\u003ctd\u003ePython\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/tartiflette/tartiflette\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e39\u003c/td\u003e\n\u003ctd\u003eGraphiti\u003c/td\u003e\n\u003ctd\u003eSwift\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/GraphQLSwift/Graphiti\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e40\u003c/td\u003e\n\u003ctd\u003eGraphZahl\u003c/td\u003e\n\u003ctd\u003eSwift\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/nerdsupremacist/GraphZahl\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e41\u003c/td\u003e\n\u003ctd\u003eJuniper\u003c/td\u003e\n\u003ctd\u003eRust\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-rust/juniper\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e42\u003c/td\u003e\n\u003ctd\u003eAsync-graphql\u003c/td\u003e\n\u003ctd\u003eRust\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/async-graphql/async-graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e43\u003c/td\u003e\n\u003ctd\u003egraphql-ruby\u003c/td\u003e\n\u003ctd\u003eRuby\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/rmosolgo/graphql-ruby\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e44\u003c/td\u003e\n\u003ctd\u003eAgoo\u003c/td\u003e\n\u003ctd\u003eRuby\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ohler55/agoo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e45\u003c/td\u003e\n\u003ctd\u003eAbsinthe\u003c/td\u003e\n\u003ctd\u003eElixir\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/absinthe-graphql/absinthe\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e46\u003c/td\u003e\n\u003ctd\u003egraphql-elixir\u003c/td\u003e\n\u003ctd\u003eElixir\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-elixir/graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e47\u003c/td\u003e\n\u003ctd\u003eSangria\u003c/td\u003e\n\u003ctd\u003eScala\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/sangria-graphql/sangria\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e48\u003c/td\u003e\n\u003ctd\u003eCaliban\u003c/td\u003e\n\u003ctd\u003eScala\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ghostdogpr/caliban\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e49\u003c/td\u003e\n\u003ctd\u003eIacinia\u003c/td\u003e\n\u003ctd\u003eClojure\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/walmartlabs/lacinia\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e50\u003c/td\u003e\n\u003ctd\u003egraphql-cli\u003c/td\u003e\n\u003ctd\u003eClojure\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/tendant/graphql-clj\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e51\u003c/td\u003e\n\u003ctd\u003ealumbra\u003c/td\u003e\n\u003ctd\u003eClojure\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/alumbra/alumbra\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e52\u003c/td\u003e\n\u003ctd\u003eMorpheus GraphQL\u003c/td\u003e\n\u003ctd\u003eHaskell\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/morpheusgraphql/morpheus-graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e53\u003c/td\u003e\n\u003ctd\u003eMu-Haskell\u003c/td\u003e\n\u003ctd\u003eHaskell\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/higherkindness/mu-haskell\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e54\u003c/td\u003e\n\u003ctd\u003eocaml-graphql-server\u003c/td\u003e\n\u003ctd\u003eOCaml\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/andreas/ocaml-graphql-server\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e55\u003c/td\u003e\n\u003ctd\u003egraphql-erlang\u003c/td\u003e\n\u003ctd\u003eErlang\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/jlouis/graphql-erlang\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e56\u003c/td\u003e\n\u003ctd\u003eghql\u003c/td\u003e\n\u003ctd\u003eR\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/ropensci/ghql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e57\u003c/td\u003e\n\u003ctd\u003egorm-graphql\u003c/td\u003e\n\u003ctd\u003eGroovy\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/grails/gorm-graphql\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e58\u003c/td\u003e\n\u003ctd\u003egraphql-perl\u003c/td\u003e\n\u003ctd\u003ePerl\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/graphql-perl/graphql-perl\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e59\u003c/td\u003e\n\u003ctd\u003egraphqld\u003c/td\u003e\n\u003ctd\u003eD\u003c/td\u003e\n\u003ctd\u003ehttps://github.com/burner/graphqld\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n","short_text":"You鈥檝e identified a GraphQL server, now what? Well, the next step in the process is to learn all you can about the specific server.","createdAt":"2022-08-31T06:29:58.570Z","updatedAt":"2023-09-11T15:25:28.846Z","publishedAt":"2022-09-06T14:22:29.333Z","path":"how_threat_actors_fingerprint_your_graphql_apis","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-09-06","keywords":null,"cover":{"data":{"id":271,"attributes":{"name":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","alternativeText":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","caption":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","width":1400,"height":600,"hash":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is_e003468998","ext":".webp","mime":"image/webp","size":26.22,"url":"/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.383Z","updatedAt":"2023-09-11T15:25:24.976Z"}}},"related":[{"id":27,"url":"how_threat_actors_detect_your_graphql_apis"},{"id":28,"url":"you-dont-need-to-disable-introspection"},{"id":29,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"}]}},"related":[{"attributes":{"path":"dry-graphql-type-similarity-linting","cover":{"data":{"id":688,"attributes":{"name":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","alternativeText":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","caption":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","width":1400,"height":600,"hash":"DRY_in_Graph_QL_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean_8dabc11603","ext":".png","mime":"image/png","size":374.71,"url":"/img/strapi/DRY_in_GraphQL-_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-12-11T19:29:07.946Z","updatedAt":"2024-12-11T19:29:07.946Z"}}},"date":"2024-12-11","author":"Nikolai Kaploniuk","title":"DRY in GraphQL: How the Type Similarity Linting Rule Keeps Your Schema Clean"}},{"attributes":{"path":"graphql-vercel-support","cover":{"data":{"id":687,"attributes":{"name":"Blog - Manage GraphQL with Vercel.webp","alternativeText":"Blog - Manage GraphQL with Vercel.webp","caption":"Blog - Manage GraphQL with Vercel.webp","width":2800,"height":1200,"hash":"Blog_Manage_Graph_QL_with_Vercel_57f8af52f4","ext":".webp","mime":"image/webp","size":37.09,"url":"/img/strapi/Blog__-_Manage_GraphQL_with_Vercel.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-12-05T21:15:02.970Z","updatedAt":"2024-12-05T21:15:02.970Z"}}},"date":"2024-12-05","author":"Adam Benhassen \u0026 Michael Skorokhodov","title":"Why We Added Vercel Support and What It Means for Developers"}},{"attributes":{"path":"graphql-schema-checks-with-github-actions","cover":{"data":{"id":684,"attributes":{"name":"Blog - GraphQL Schema Checks with GitHub Actions.webp","alternativeText":"Blog - GraphQL Schema Checks with GitHub Actions.webp","caption":"Blog - GraphQL Schema Checks with GitHub Actions.webp","width":2100,"height":900,"hash":"Blog_Graph_QL_Schema_Checks_with_Git_Hub_Actions_9fb0538564","ext":".webp","mime":"image/webp","size":27.44,"url":"/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-11-19T04:38:59.521Z","updatedAt":"2024-11-19T04:38:59.521Z"}}},"date":"2024-11-19","author":"Nikolai Kaploniuk","title":"GraphQL Schema Checks with GitHub Actions"}}]},"__N_SSG":true},"page":"/blog/[pid]","query":{"pid":"how_threat_actors_fingerprint_your_graphql_apis"},"buildId":"lHJPeAsQX3aPSdI1hq6Lv","isFallback":false,"dynamicIds":[2352,1333],"gsp":true,"appGip":true,"scriptLoader":[]}</script></body></html>