How threat actors detect your GraphQL APIs | Inigo

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="true"/><link href="/geist/stylesheet.css" rel="stylesheet"/><link href="/geist-mono/stylesheet.css" rel="stylesheet"/><link rel="canonical" href="https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="manifest" href="/site.webmanifest"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#042866"/><meta name="msapplication-TileColor" content="#da532c"/><meta name="theme-color" content="#ffffff"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"/><link rel="shortlink" href="https://inigo.io/"/><title>How threat actors detect your GraphQL APIs<!-- --> | Inigo<!-- --></title><meta property="description" content="How threat actors detect your GraphQL APIs"/><meta property="og:locale" content="en_US"/><meta property="og:type" content="website"/><meta property="og:title" content="How threat actors detect your GraphQL APIs"/><meta property="og:description" content="How threat actors detect your GraphQL APIs"/><meta name="keywords" content="GraphQL tracing, GraphQL errors, GraphQL schema, GraphQL playground, GraphQL observability, GraphQL analytics, GraphQL security, GraphQL apollo alternative, GraphQL rate limiting"/><meta property="og:site_name" content="Inigo"/><meta property="og:image" content="/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp"/><meta name="article-published_time" property="article:published_time" content="2022-08-29T00:00:00.000Z"/><meta name="article-modified_time" property="article:modified_time" content="2023-09-11T15:25:53.469Z"/><meta name="publish_date" property="og:publish_date" 
content="2022-08-29T00:00:00.000Z"/><meta name="author" property="og:author" content="Shahar Binyamin &amp; Inigo team"/><meta property="og:image:width"/><meta property="og:image:height"/><meta property="og:image:type" content="image/png"/><meta property="og:url" content="https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="How threat actors detect your GraphQL APIs"/><meta name="twitter:description" content="How threat actors detect your GraphQL APIs"/><meta name="twitter:image" content="/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp"/><meta name="twitter:image:src" content="/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp"/><meta name="next-head-count" content="39"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin /><link rel="preload" href="/_next/static/css/8b1585d70dcaca9d.css" as="style"/><link rel="stylesheet" href="/_next/static/css/8b1585d70dcaca9d.css" data-n-g=""/><link rel="preload" href="/_next/static/css/e7be7b782f942680.css" as="style"/><link rel="stylesheet" href="/_next/static/css/e7be7b782f942680.css" data-n-p=""/><link rel="preload" href="/_next/static/css/c798ade0a54cee43.css" as="style"/><link rel="stylesheet" href="/_next/static/css/c798ade0a54cee43.css" data-n-p=""/><link rel="preload" href="/_next/static/css/74df91f10f659d7c.css" as="style"/><link rel="stylesheet" href="/_next/static/css/74df91f10f659d7c.css"/><link rel="preload" href="/_next/static/css/768bc07f6c9a9f29.css" as="style"/><link rel="stylesheet" href="/_next/static/css/768bc07f6c9a9f29.css"/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-5cd94c89d3acac5f.js"></script><script defer="" src="/_next/static/chunks/767-b19ff43fb6ca6cf9.js"></script><script defer="" src="/_next/static/chunks/352.2a7f5aa79cbcfcca.js"></script><script defer="" 
src="/_next/static/chunks/333.6df932fa345befef.js"></script><script src="/_next/static/chunks/webpack-786cb7ad8aa62992.js" defer=""></script><script src="/_next/static/chunks/framework-087e577bf6ac2de7.js" defer=""></script><script src="/_next/static/chunks/main-7d97e9e1bd3f6e9a.js" defer=""></script><script src="/_next/static/chunks/pages/_app-82101de9b8dc67c2.js" defer=""></script><script src="/_next/static/chunks/75fc9c18-6b37f4b68d337d33.js" defer=""></script><script src="/_next/static/chunks/248-f183e13e5e893106.js" defer=""></script><script src="/_next/static/chunks/61-cf831fc6a2d2684d.js" defer=""></script><script src="/_next/static/chunks/840-9397f05eae77152b.js" defer=""></script><script src="/_next/static/chunks/pages/blog/%5Bpid%5D-05725f727f57cdb9.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_buildManifest.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_ssgManifest.js" defer=""></script><script src="/_next/static/lHJPeAsQX3aPSdI1hq6Lv/_middlewareManifest.js" defer=""></script>
</head><body><div id="__next"><div id="header" class="Header_header__za8ic light"><div class="container Header_headerContainer__DDpCs"><a class="Header_logo__Nk2PP" style="display:flex;align-items:center;mask:url(/img/logo.svg) no-repeat center / contain;-webkit-mask:url(/img/logo.svg) no-repeat center / contain" href="/"><img
width="102" height="32" alt="Inigo Logo" style="cursor:pointer;opacity:0" src="/img/logo.svg"/></a><div class="Header_navigation__LMP4c"><div class="Header_popoverMenu__BdAVY"><div class="Header_popoverMenuChildren__ASZvh"></div></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Product<!-- --><svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Solutions<!-- --><svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><a href="/pricing"><h3 class="Header_link__7jyD0">Pricing</h3></a></div><div class="Header_item__sNSbg"><a target="_blank" href="https://docs.inigo.io"><h3 class="Header_link__7jyD0">Docs</h3></a></div><div class="Header_item__sNSbg"><a href="/blog"><h3 class="Header_link__7jyD0 Header_active__ArEjA">Blog</h3></a></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Learn<!-- --><svg 
style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div></div><div class="Header_actions__HXH_c" style="display:flex;margin-left:auto"><a href="https://landing.inigo.io/demo" target="_blank"><div class="Button_button__vjyUx" data-type="primary" data-size="default">Get a demo<!-- --></div></a><div style="margin-left:24px"><a href="https://app.inigo.io/" target="_blank"><div class="Button_button__vjyUx" data-type="secondary" data-size="default">Get started for free<!-- --></div></a></div></div></div></div><div class="Notifications_wrapper__MdtP8"><div class="Notifications_container__s6gON"></div></div><div style="flex:1"><div class="Blog_modal__ZNL0I"><svg xmlns="http://www.w3.org/2000/svg" height="32" width="32" viewBox="0 0 48 48" class="Blog_close__ekCso"><path d="M24 26.1 13.5 36.6q-.45.45-1.05.45-.6 0-1.05-.45-.45-.45-.45-1.05 0-.6.45-1.05L21.9 24 11.4 13.5q-.45-.45-.45-1.05 0-.6.45-1.05.45-.45 1.05-.45.6 0 1.05.45L24 21.9l10.5-10.5q.45-.45 1.05-.45.6 0 1.05.45.45.45.45 1.05 0 .6-.45 1.05L26.1 24l10.5 10.5q.45.45.45 1.05 0 .6-.45 1.05-.45.45-1.05.45-.6 0-1.05-.45Z"></path></svg></div><div class="Blog_navigationWrapper__o0wgQ"><div class="Blog_section__rJEq5 Blog_navigation__kNg6J"><div class="Blog_container___FXXS container"><div class="Blog_list__bfBXa"><a class="Blog_item__be49i level-2" href="/blog/how_threat_actors_detect_your_graphql_apis#GraphQL%20Endpoint%20Detection">GraphQL Endpoint Detection</a></div></div></div></div><div class="Blog_topWrapper__8hUbB"><div class="Blog_section__rJEq5"><div 
class="Blog_container___FXXS container"><div class="Blog_topContent__jXk7t"><div class="Blog_topButton__GoV4B"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M1.43751 15.5508L10.9438 6.42022C11.5271 5.85993 12.4729 5.85993 13.0562 6.42022L22.5625 15.5508C23.1458 16.1111 23.1458 17.0195 22.5625 17.5798C21.9791 18.1401 21.0333 18.1401 20.45 17.5798L12 9.46374L3.55001 17.5798C2.96666 18.1401 2.02086 18.1401 1.43751 17.5798C0.854162 17.0195 0.854162 16.1111 1.43751 15.5508Z" fill="#171717"></path></svg></div></div></div></div></div><div class="Blog_extraWrapper__YE8NJ"><div class="Blog_section__rJEq5"><div class="Blog_container___FXXS container"><div class="Blog_extraContent__KYByz dark"><div class="Blog_share__nJLzS"><span class="Blog_label__zPfxe">Share on</span><div class="Blog_divider__ULY6W">·</div><div class="Blog_social__X8XU_"><a href="https://www.linkedin.com/shareArticle?url=&amp;title=How%20threat%20actors%20detect%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 2.00289C1 1.4493 1.46341 1 2.03474 1H13.9653C14.5368 1 15 1.4493 15 2.00289V13.9973C15 14.5511 14.5368 15 13.9653 15H2.03474C1.46341 15 1 14.5511 1 13.9975V2.0027V2.00289Z" fill="currentColor"></path><path d="M5.27011 13V6.25259H3.12644V13H5.27011Z" fill="white"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M8.60026 7.23109V7.20798L8.58603 7.23109H8.60026Z" fill="white"></path><path d="M6.45659 13H8.60007V9.23239C8.60007 9.03092 8.61412 8.82907 8.67069 8.68523C8.82561 8.28211 9.17833 7.86488 9.77063 7.86488C10.5461 7.86488 10.8565 8.48357 10.8565 9.39073V13H13V9.13126C13 7.05883 11.9426 6.09444 10.5323 6.09444C9.39514 6.09444 8.88517 6.74829 8.60026 7.20798V7.23109H8.58603L8.60026 7.20798V6.25279H6.45678C6.48469 6.88579 6.45659 13 6.45659 13Z" fill="white"></path><path 
d="M4.19865 5.33151C4.94605 5.33151 5.41135 4.81335 5.41135 4.16585C5.3973 3.50365 4.94605 3 4.21289 3C3.47916 3 3 3.50365 3 4.16585C3 4.81335 3.46511 5.33151 4.1846 5.33151H4.19865Z" fill="white"></path></svg></a><a href="https://twitter.com/intent/tweet?text=How%20threat%20actors%20detect%20your%20GraphQL%20APIs&amp;url=" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M2.00038 2H5.56834C5.56778 2.00098 5.56859 2.00175 5.57077 2.0023C5.57256 2.00279 5.57395 2.00375 5.57496 2.00517L8.66365 6.40079C8.66454 6.40206 8.66572 6.40311 8.66709 6.40386C8.66846 6.40462 8.66999 6.40505 8.67156 6.40514C8.67312 6.40523 8.67469 6.40496 8.67614 6.40437C8.67759 6.40377 8.67888 6.40285 8.67991 6.4017L12.5465 2.00673C12.5477 2.00533 12.5493 2.00425 12.5511 2.00361C12.5534 2.00284 12.5554 2.00164 12.557 2H13.6114L9.14577 7.07601C9.14457 7.07741 9.14386 7.07914 9.14375 7.08095C9.14365 7.08276 9.14415 7.08454 9.14518 7.08602L13.9992 13.9935C14.0005 13.9953 14.0002 13.9969 13.9984 13.9982L13.9959 14H13.9206H10.4682H10.4347C10.4334 13.9988 10.4316 13.9978 10.4293 13.997C10.4266 13.996 10.4244 13.9944 10.4227 13.992L7.15716 9.34485C7.15676 9.34429 7.15624 9.34382 7.15563 9.34349C7.15502 9.34316 7.15434 9.34297 7.15364 9.34294C7.15294 9.3429 7.15224 9.34303 7.1516 9.34331C7.15096 9.34358 7.1504 9.344 7.14995 9.34453L3.05711 13.9966C3.0561 13.9977 3.05484 13.9983 3.05333 13.9983L2.01849 14H2.00155C1.99993 13.9965 2.00169 13.9919 2.00683 13.9861C3.56483 12.2156 5.12227 10.4456 6.67915 8.6762C6.68042 8.67474 6.68117 8.67291 6.68128 8.67098C6.68138 8.66906 6.68084 8.66714 6.67973 8.66554C5.12649 6.45523 3.57302 4.24451 2.01933 2.03338C2.01882 2.03267 2.01474 2.0277 2.00709 2.01846C2.00127 2.01146 1.99904 2.0053 2.00038 2ZM10.9423 13.2542C11.4761 13.2562 12.0091 13.2565 12.5413 13.2549C12.5424 13.2549 12.5435 13.2546 12.5444 13.254C12.5454 13.2534 12.5462 13.2526 12.5467 13.2516C12.5472 13.2506 
12.5474 13.2495 12.5474 13.2484C12.5473 13.2474 12.5469 13.2463 12.5463 13.2454L5.06886 2.78685C5.06717 2.78449 5.06493 2.78257 5.06232 2.78124C5.0597 2.77992 5.0568 2.77922 5.05385 2.77922H3.4444C3.44365 2.77922 3.44291 2.77943 3.44227 2.77981C3.44164 2.78019 3.44111 2.78074 3.44077 2.78139C3.44042 2.78204 3.44027 2.78277 3.44032 2.7835C3.44036 2.78423 3.44062 2.78494 3.44104 2.78554C5.93025 6.26715 8.41957 9.74898 10.909 13.231C10.9202 13.2468 10.92 13.2541 10.9423 13.2542Z" fill="currentColor"></path></svg></a><a href="https://www.facebook.com/sharer/sharer.php?u=&amp;t=How%20threat%20actors%20detect%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M5.84379 15H8.92189V9.09789H11.6953L12 6.16526H8.92189V4.68421C8.92189 4.48879 9.00297 4.30137 9.14728 4.16318C9.2916 4.025 9.48733 3.94737 9.69142 3.94737H12V1H9.69142C8.67096 1 7.6923 1.38816 6.97073 2.07908C6.24916 2.77 5.84379 3.7071 5.84379 4.68421V6.16526H4.30473L4 9.09789H5.84379V15Z" fill="currentColor"></path></svg></a><a href="https://reddit.com/submit?url=&amp;title=How%20threat%20actors%20detect%20your%20GraphQL%20APIs" target="_blank" rel="noopener noreferrer"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.1667 8.69333C7.1667 8.31333 6.85336 8 6.47336 8C6.09336 8 5.78003 8.31333 5.78003 8.69333C5.78003 8.87722 5.85308 9.05357 5.9831 9.18359C6.11313 9.31362 6.28948 9.38667 6.47336 9.38667C6.65725 9.38667 6.8336 9.31362 6.96362 9.18359C7.09365 9.05357 7.1667 8.87722 7.1667 8.69333ZM9.39336 10.2733C9.09336 10.5733 8.45336 10.68 8.00003 10.68C7.5467 10.68 6.9067 10.5733 6.6067 10.2733C6.59048 10.256 6.57087 10.2421 6.54908 10.2327C6.52729 10.2232 6.50379 10.2183 6.48003 10.2183C6.45627 10.2183 6.43277 10.2232 6.41098 10.2327C6.38919 10.2421 6.36958 10.256 6.35336 10.2733C6.336 10.2895 6.32216 10.3092 6.3127 10.331C6.30323 10.3527 
6.29835 10.3762 6.29835 10.4C6.29835 10.4238 6.30323 10.4473 6.3127 10.469C6.32216 10.4908 6.336 10.5105 6.35336 10.5267C6.8267 11 7.73336 11.04 8.00003 11.04C8.2667 11.04 9.17336 11 9.6467 10.5267C9.66406 10.5105 9.6779 10.4908 9.68736 10.469C9.69682 10.4473 9.70171 10.4238 9.70171 10.4C9.70171 10.3762 9.69682 10.3527 9.68736 10.331C9.6779 10.3092 9.66406 10.2895 9.6467 10.2733C9.58003 10.2067 9.4667 10.2067 9.39336 10.2733ZM9.5267 8C9.1467 8 8.83336 8.31333 8.83336 8.69333C8.83336 9.07333 9.1467 9.38667 9.5267 9.38667C9.9067 9.38667 10.22 9.07333 10.22 8.69333C10.22 8.31333 9.91336 8 9.5267 8Z" fill="currentColor"></path><path d="M8.00004 1.33398C4.32004 1.33398 1.33337 4.32065 1.33337 8.00065C1.33337 11.6807 4.32004 14.6673 8.00004 14.6673C11.68 14.6673 14.6667 11.6807 14.6667 8.00065C14.6667 4.32065 11.68 1.33398 8.00004 1.33398ZM11.8667 8.88732C11.88 8.98065 11.8867 9.08065 11.8867 9.18065C11.8867 10.674 10.1467 11.8873 8.00004 11.8873C5.85337 11.8873 4.11337 10.674 4.11337 9.18065C4.11337 9.08065 4.12004 8.98065 4.13337 8.88732C3.79337 8.73398 3.56004 8.39398 3.56004 8.00065C3.55905 7.80948 3.61458 7.62228 3.71964 7.46256C3.8247 7.30285 3.97461 7.17774 4.15054 7.10295C4.32648 7.02816 4.52059 7.00702 4.7085 7.0422C4.89641 7.07737 5.06974 7.16729 5.20671 7.30065C5.88004 6.81398 6.81337 6.50732 7.84671 6.47398L8.34004 4.14732C8.34671 4.10065 8.37337 4.06065 8.41337 4.04065C8.45337 4.01398 8.50004 4.00732 8.54671 4.01398L10.16 4.36065C10.2148 4.2497 10.2982 4.15542 10.4016 4.08757C10.505 4.01972 10.6248 3.98079 10.7483 3.9748C10.8719 3.96881 10.9948 3.99599 11.1043 4.05352C11.2138 4.11105 11.3059 4.19684 11.3711 4.30198C11.4363 4.40711 11.4722 4.52778 11.475 4.65145C11.4778 4.77512 11.4475 4.8973 11.3872 5.00531C11.3269 5.11333 11.2388 5.20324 11.1321 5.26572C11.0253 5.3282 10.9037 5.36098 10.78 5.36065C10.4067 5.36065 10.1067 5.06732 10.0867 4.70065L8.64004 4.39398L8.20004 6.47398C9.22004 6.50732 10.1334 6.82065 10.8 7.30065C10.9022 7.20306 11.0245 7.12898 
11.1583 7.08358C11.2922 7.03819 11.4343 7.02259 11.5748 7.03786C11.7153 7.05313 11.8507 7.09892 11.9716 7.17201C12.0926 7.2451 12.1961 7.34373 12.2749 7.461C12.3538 7.57827 12.406 7.71136 12.4281 7.85094C12.4501 7.99052 12.4414 8.13323 12.4025 8.26909C12.3636 8.40494 12.2955 8.53066 12.203 8.63745C12.1104 8.74424 11.9957 8.82952 11.8667 8.88732Z" fill="currentColor"></path></svg></a></div></div></div></div></div></div><section class="Blog_section__rJEq5 Blog_full__l3zDW" data-section="article"><div class="container Blog_container___FXXS"><div class="Blog_post__nxiI8"><div class="Blog_content__hr05U"><h1 class="Blog_title__fzP73">How threat actors detect your GraphQL APIs</h1><div class="Blog_info__mxOuz"><span>Shahar Binyamin &amp; Inigo team</span><span class="Blog_divider__ULY6W">·</span><time class="Blog_date__RKpq9">Aug 29, 2022</time></div><div class="Blog_cover__22FQK"><img height="100%" src="/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp"/></div><div class="Blog_text__PHSp3"><p>Threat actors are after your APIs, whether they are interested in your data or in abusing your services for their financial gain. The reasons why threat actors target different organizations can vary, but one of the first steps they take in their hacking methodology is often consistent and predictable: <strong>information gathering</strong>, or <strong>reconnaissance</strong>.</p> <p>When hackers gather information on a target application, they do so both passively and actively. Passive information gathering does not involve sending packets to the targeted application. Instead, information is gathered through other channels that are indirect to the main application or the company operating it, as a means (though not the only reason) to remain stealthy. 
For example, passive information gathering can be done by looking up the company’s name on GitHub in hopes of finding public repositories that hint at the technologies in use, or hard-coded credentials that were forgotten about and can be reused.</p> <p>Active information gathering involves communicating with the application, which requires the threat actors to send some traffic to it. Imagine you are defending a large-scale application that serves millions of clients. You can appreciate how difficult it becomes to identify anomalous behavior if you don’t know what anomalous traffic could look like. Inigo’s solution not only lets you cherry-pick the GraphQL queries that target your application in a riskier way and surface the interesting ones to your security team, but also lets you block and alert on them.</p> <p><img src="https://cms.inigo.io/uploads/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_26f3a8ef35.png" alt="How Threat Actors Detect your GraphQL APIs.png"></p> <h2 id="GraphQL%20Endpoint%20Detection">GraphQL Endpoint Detection</h2> <p>GraphQL introduces a shift in how clients request their data from applications through its declarative query language. In GraphQL, clients express their intent using a query payload. If you have ever used REST APIs, you may recall that in REST a client’s intention is expressed by the combination of the HTTP method (GET, PUT, POST, DELETE) and the resource path (such as /v1/users). For instance, a GET request to /v1/users would fetch the list of all users of a given application.</p> <p>GraphQL, on the other hand, uses a single endpoint (such as /graphql) and a query to fetch a list of users. Such a query could look like the following:</p> <pre><code>query { users { name email } } </code></pre> <p>So, how can threat actors discover whether an application is using GraphQL or another API technology? 
They do so by sending a query (it does not have to be a valid one) to a list of endpoints where GraphQL may be exposed, and observing the responses returned by the server.</p> <p>For example, this is what a cURL request to a GraphQL endpoint could look like:</p> <pre><code>$ curl https://example.inigo.io/graphql -d '{&quot;query&quot;:&quot;query { users { name email } }&quot;}' -H &quot;Content-Type: application/json&quot; </code></pre> <p>A typical GraphQL response is JSON and includes a data object, an errors object, or both, which gives away the fact that a GraphQL API responded:</p> <pre><code>{&quot;errors&quot;:[{&quot;message&quot;:&quot;Cannot query field \&quot;users\&quot; on type \&quot;Query\&quot;.&quot;,&quot;extensions&quot;:{&quot;code&quot;:&quot;GRAPHQL_VALIDATION_FAILED&quot;}}]} </code></pre> <p>This method can then be automated so queries run against multiple endpoints in parallel. Possible endpoints could be:</p> <ul> <li>/graphql</li> <li>/query</li> <li>/api</li> <li>/playground</li> <li>/console</li> <li>/graphiql</li> </ul> <p>If API versioning is in place, you may find GraphQL located in paths such as:</p> <ul> <li>/v1/graphql</li> <li>/v2/graphql</li> <li>/v1/query</li> <li>/v2/query</li> <li>/v1/console</li> <li>/v2/console</li> </ul> <p>As you can see, APIs can be present in different locations. GraphQL servers can also be customized to serve from a completely arbitrary location that isn’t on the lists above. However, GraphQL API responses are often predictable, as dictated by the <a target="_blank" href="https://spec.graphql.org/October2021/#sec-Response-Format">Response Format</a> section (7.1) of the official GraphQL specification, allowing actors to identify that GraphQL is the interface they are interacting with. Here is an excerpt of the response format section:</p> <blockquote> <p>A response to a GraphQL request must be a map. 
If the request raised any errors, the response map must contain an entry with key errors. The value of this entry is described in the “Errors” section. If the request is completed without raising any errors, this entry must not be present. If the request included execution, the response map must contain an entry with key data. The value of this entry is described in the “Data” section. If the request failed before execution, due to a syntax error, missing information, or validation error, this entry must not be present. The response map may also contain an entry with key extensions. This entry, if set, must have a map as its value. This entry is reserved for implementors to extend the protocol however they see fit, and hence there are no additional restrictions on its contents.</p> </blockquote> <p>This means that <strong>data</strong>, <strong>errors</strong> and <strong>extensions</strong> are all keys you may find in a GraphQL response. Armed with this knowledge, threat actors can build this logic into scanning tools to find where your GraphQL APIs live. In a future post, we will explore what threat actors might do after a GraphQL server is found.</p> <p>When threat actors perform information gathering, they typically try different variations of queries. Some may be valid, some may not. Invalid queries could result in server exceptions. Inigo’s GraphQL Security and Management solution provides a layer of protection for your GraphQL APIs: our unique position in your architecture allows us to detect malformed queries against existent and non-existent endpoints and mitigate such activity. 
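</p> <p>A defender-side view of the endpoint sweep described above, as an added example that is not part of the original article and is not Inigo's code: it scans access-log records for one client sending GraphQL-shaped bodies to several of the listed candidate paths within a short window, and notes which paths answered in the GraphQL response shape. The record fields, the 60-second window, the four-path threshold and the sample records are assumptions constructed for illustration, and stripping any /v plus number prefix generalizes the article's /v1 and /v2 paths.</p>

```python
import json
import re
from collections import defaultdict

# Endpoint names listed in the article; a leading /v<N> segment is stripped first.
CANDIDATE_NAMES = {"graphql", "query", "api", "playground", "console", "graphiql"}
VERSION_PREFIX = re.compile(r"^/v\d+(?=/)")
WINDOW_SECONDS = 60     # assumed: how close together the probes must be
MIN_DISTINCT_PATHS = 4  # assumed: candidate paths per client that raise a finding


def clean_path(path):
    """Lower-case the path and drop the query string and trailing slash."""
    return path.split("?", 1)[0].lower().rstrip("/") or "/"


def is_candidate_path(path):
    """True for /graphql, /v2/console/ and the like; False for /v1/users."""
    return VERSION_PREFIX.sub("", clean_path(path)).lstrip("/") in CANDIDATE_NAMES


def _json_map(text):
    """Parse text as JSON and return it only if the top level is a map."""
    try:
        doc = json.loads(text)
    except (TypeError, ValueError):
        return None
    return doc if isinstance(doc, dict) else None


def is_graphql_request(body):
    """A JSON map with a string "query" entry; the query need not be valid."""
    doc = _json_map(body)
    return doc is not None and isinstance(doc.get("query"), str)


def is_graphql_response(body):
    """Response Format shape: a map carrying an "errors" and/or "data" entry."""
    doc = _json_map(body)
    return doc is not None and ("errors" in doc or "data" in doc)


def find_sweeps(records, window=WINDOW_SECONDS, min_paths=MIN_DISTINCT_PATHS):
    """One finding per client that sent GraphQL-shaped bodies to at least
    min_paths distinct candidate paths inside a window-second span."""
    probes = defaultdict(list)
    for rec in records:
        if is_candidate_path(rec["path"]) and is_graphql_request(rec.get("req_body")):
            probes[rec["client"]].append(
                (rec["ts"], clean_path(rec["path"]), is_graphql_response(rec.get("resp_body"))))

    findings = []
    for client, hits in probes.items():
        hits.sort()
        best, start = [], 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            span = hits[start:end + 1]
            if len({p for _, p, _ in span}) > len({p for _, p, _ in best}):
                best = span
        paths = sorted({p for _, p, _ in best})
        if len(paths) >= min_paths:
            findings.append({
                "client": client,
                "paths": paths,
                # Paths whose reply had the GraphQL shape: what the sweep located.
                "answered_as_graphql": sorted({p for _, p, ok in best if ok}),
                "from_ts": best[0][0], "to_ts": best[-1][0],
            })
    return findings


# Constructed sample records (not real traffic); addresses are documentation ranges.
PROBE = json.dumps({"query": "query { users { name email } }"})
GQL_ERROR = json.dumps({"errors": [{"message": 'Cannot query field "users" on type "Query".',
                                    "extensions": {"code": "GRAPHQL_VALIDATION_FAILED"}}]})
NOT_FOUND = "<html><body>404 Not Found</body></html>"
VALID = json.dumps({"query": "query { viewer { id } }"})
DATA = json.dumps({"data": {"viewer": {"id": "42"}}})
FIELDS = ("ts", "client", "path", "req_body", "resp_body")
SAMPLE_RECORDS = [dict(zip(FIELDS, row)) for row in [
    # One client walking the candidate list in five seconds.
    (100, "198.51.100.7", "/api", PROBE, NOT_FOUND),
    (101, "198.51.100.7", "/query", PROBE, NOT_FOUND),
    (102, "198.51.100.7", "/v1/graphql", PROBE, NOT_FOUND),
    (103, "198.51.100.7", "/graphql", PROBE, GQL_ERROR),
    (104, "198.51.100.7", "/graphiql", PROBE, NOT_FOUND),
    # A regular client: one GraphQL endpoint plus a REST call.
    (90, "203.0.113.20", "/graphql", VALID, DATA),
    (160, "203.0.113.20", "/v1/users", None, "[]"),
    # Four candidate paths, but spread over 15 minutes: outside the window.
    (0, "192.0.2.44", "/graphql", PROBE, GQL_ERROR),
    (300, "192.0.2.44", "/query", PROBE, NOT_FOUND),
    (600, "192.0.2.44", "/api", PROBE, NOT_FOUND),
    (900, "192.0.2.44", "/console", PROBE, NOT_FOUND),
]]
```

<p>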
Reach out to us for more information.</p> </div></div></div></div></section></div><div class="Footer_footer__AaBZs dark"><div class="container"><div class="Footer_main__Pz_IY"><div class="Footer_left__g5Jwd"><a href="/"><img class="Footer_logo__RdbIO" width="127" height="36" alt="Inigo Logo" src="/img/logo_alternate.svg" loading="lazy"/></a></div><div class="Footer_navigation__97Tfv"><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Product<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/observability">In-Depth Observability<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/managed_schema">Schema Registry<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="security">Multi-Layer Security<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="explorer">GraphQL Explorer<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Solutions <!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="gateway">Inigo&#x27;s GraphQL Router<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byog">Inigo’s Apollo Plugin<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byos">Inigo’s GraphQL Middleware<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="api-gateway">API Gateway Integration<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Learn<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="blog">Blog<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io">Docs<!-- --> <!-- 
--><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io/tutorials/tutorials_part_1">Tutorials<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" 
fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="apollo-vs-inigo">Inigo vs. GraphOS<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="media">Media &amp; Webinars<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="press">Press<!-- --> <!-- --></a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Company<!-- --></h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="about">About us<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="legal">Legal<!-- --> <!-- --></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://reddit.com/user/InigoGraphQL">Reddit<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://www.linkedin.com/company/inigo">LinkedIn<!-- --> <!-- --><svg class="Footer_arrow__h75BT" 
width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://github.com/inigolabs">GitHub<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div 
class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://landing.inigo.io/demo">Contact us<!-- --> <!-- --><svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div></div></div></div></div><div class="Footer_copyright__E_szu"><span>Copyright © <!-- -->2024<!-- --> Inigo Labs, Inc. <!-- -->| <!-- --> All Rights Reserved. 
<!-- -->| <!-- --><a href="https://status.inigo.io" target="_blank">Systems Status</a></span></div></div></div><script async="" src="https://embed.savvycal.com/v1/embed.js"></script><script> window.SavvyCal=window.SavvyCal||function(){(SavvyCal.q=SavvyCal.q||[]).push(arguments)}; </script><script> SavvyCal('init'); </script></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"pages":[{"pid":"kubecon-na-2022","title":"kubecon-na-2022"},{"pid":"press","title":"press"},{"pid":"about","title":"about"},{"pid":"home","title":"home"},{"pid":"__security","title":"__security"},{"pid":"query_protection","title":"query_protection"},{"pid":"access_control","title":"access_control"},{"pid":"rate_limiting","title":"rate_limiting"},{"pid":"managed_federation","title":"managed_federation"},{"pid":"careers","title":"careers"},{"pid":"observability","title":"observability"},{"pid":"managed_schema","title":"managed_schema"},{"pid":"security","title":"security"},{"pid":"explorer","title":"explorer"},{"pid":"solutions","title":"solutions"},{"pid":"byog","title":"byog"},{"pid":"api-gateway","title":"api-gateway"},{"pid":"byos","title":"byos"},{"pid":"gateway","title":"gateway"}],"headerNavigation":[{"id":14,"Title":"Product","ref":null,"children":[{"id":65,"title":"In-Depth Observability","ref":"observability","description":"Analytics, Errors and Alerting","color":"#8F8CE1","icon":{"data":{"id":471,"attributes":{"name":"icon_monitoring.svg","alternativeText":"icon_monitoring.svg","caption":"icon_monitoring.svg","width":48,"height":48,"hash":"icon_monitoring_4d769619ee","ext":".svg","mime":"image/svg+xml","size":0.56,"url":"/img/strapi/icon_monitoring.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T15:44:24.623Z","updatedAt":"2023-12-26T15:44:24.623Z"}}},"children":[]},{"id":68,"title":"Schema Registry","ref":"managed_schema","description":"Composition, Schema Checks, Registry and 
Linting","color":"#AC44EF","icon":{"data":{"id":480,"attributes":{"name":"icon_schema.svg","alternativeText":"icon_schema.svg","caption":"icon_schema.svg","width":48,"height":48,"hash":"icon_schema_dd41bc4feb","ext":".svg","mime":"image/svg+xml","size":2.12,"url":"/img/strapi/icon_schema.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:40:51.519Z","updatedAt":"2023-12-26T16:40:51.519Z"}}},"children":[]},{"id":67,"title":"Multi-Layer Security","ref":"security","description":"Rate Limiting and Query Protection","color":"#84ACF3","icon":{"data":{"id":486,"attributes":{"name":"icon_security.svg","alternativeText":"icon_security.svg","caption":"icon_security.svg","width":48,"height":48,"hash":"icon_security_a3240ef9ab","ext":".svg","mime":"image/svg+xml","size":1.8,"url":"/img/strapi/icon_security.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:53:58.372Z","updatedAt":"2023-12-26T16:53:58.372Z"}}},"children":[]},{"id":66,"title":"GraphQL Explorer","ref":"explorer","description":"Collaborative Query Builder","color":"#D4B053","icon":{"data":{"id":491,"attributes":{"name":"icon_playground.svg","alternativeText":"icon_playground.svg","caption":"icon_playground.svg","width":48,"height":48,"hash":"icon_playground_b055fdcfa3","ext":".svg","mime":"image/svg+xml","size":1.05,"url":"/img/strapi/icon_playground.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T17:03:25.614Z","updatedAt":"2023-12-26T17:03:25.614Z"}}},"children":[]}]},{"id":17,"Title":"Solutions","ref":null,"children":[{"id":92,"title":"Use cases","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":15,"title":"Inigo's GraphQL 
Router","ref":"gateway","icon":{"data":{"id":644,"attributes":{"name":"nav_inigo.svg","alternativeText":"nav_inigo.svg","caption":"nav_inigo.svg","width":16,"height":16,"hash":"nav_inigo_74f7ea23d1","ext":".svg","mime":"image/svg+xml","size":5.26,"url":"/img/strapi/nav_inigo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:36:05.083Z","updatedAt":"2024-08-23T14:36:05.083Z"}}}},{"id":12,"title":"Inigo’s Apollo Plugin","ref":"byog","icon":{"data":{"id":641,"attributes":{"name":"nav_byog.svg","alternativeText":"nav_byog.svg","caption":"nav_byog.svg","width":16,"height":16,"hash":"nav_byog_c44e9018e9","ext":".svg","mime":"image/svg+xml","size":6.93,"url":"/img/strapi/nav_byog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:37.325Z","updatedAt":"2024-08-23T14:35:37.325Z"}}}},{"id":11,"title":"Inigo’s GraphQL Middleware","ref":"byos","icon":{"data":{"id":642,"attributes":{"name":"nav_byos.svg","alternativeText":"nav_byos.svg","caption":"nav_byos.svg","width":16,"height":16,"hash":"nav_byos_f05073cea1","ext":".svg","mime":"image/svg+xml","size":0.85,"url":"/img/strapi/nav_byos.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:47.192Z","updatedAt":"2024-08-23T14:35:47.192Z"}}}},{"id":13,"title":"API Gateway Integration","ref":"api-gateway","icon":{"data":{"id":643,"attributes":{"name":"nav_api.svg","alternativeText":"nav_api.svg","caption":"nav_api.svg","width":16,"height":16,"hash":"nav_api_e27c691a68","ext":".svg","mime":"image/svg+xml","size":1.41,"url":"/img/strapi/nav_api.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:57.287Z","updatedAt":"2024-08-23T14:35:57.287Z"}}}}]},{"id":93,"title":"Integrations","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":21,"title":"Apollo 
Server","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_plugin","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":22,"title":"Apollo Gateway","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_gateway","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":20,"title":"Apollo Router","ref":"https://docs.inigo.io/product/agent_installation/rust_apollo_router","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":23,"title":"Guild Yoga","ref":"https://docs.inigo.io/product/agent_installation/yoga","icon":{"data":{"id":624,"attributes":{"name":"logo yoga.svg","alternativeText":"logo yoga.svg","caption":"logo yoga.svg","width":16,"height":16,"hash":"logo_yoga_44d58eb36e","ext":".svg","mime":"image/svg+xml","size":6.55,"url":"/img/strapi/logo_yoga.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:21.568Z","updatedAt":"2024-08-02T14:35:21.568Z"}}}},{"id":24,"title":"Python 
Django","ref":"https://docs.inigo.io/product/agent_installation/python_django","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":25,"title":"Python Flask","ref":"https://docs.inigo.io/product/agent_installation/python_flask","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":26,"title":"Ruby on Rails","ref":"https://docs.inigo.io/product/agent_installation/ruby_on_rails","icon":{"data":{"id":626,"attributes":{"name":"Rails.svg","alternativeText":"Rails.svg","caption":"Rails.svg","width":16,"height":16,"hash":"Rails_0ad6e72312","ext":".svg","mime":"image/svg+xml","size":3.05,"url":"/img/strapi/Rails.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:05.667Z","updatedAt":"2024-08-20T16:19:19.312Z"}}}},{"id":27,"title":"Kubernetes Sidecar","ref":"https://docs.inigo.io/product/agent_installation/kubernetes","icon":{"data":{"id":627,"attributes":{"name":"Kubernetes.svg","alternativeText":"Kubernetes.svg","caption":"Kubernetes.svg","width":16,"height":16,"hash":"Kubernetes_94709cae0f","ext":".svg","mime":"image/svg+xml","size":11.32,"url":"/img/strapi/Kubernetes.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:16.514Z","updatedAt":"2024-08-02T14:36:16.514Z"}}}},{"id":30,"title":"Docker 
Standalone","ref":"https://docs.inigo.io/product/agent_installation/docker_standalone","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":28,"title":"Docker Compose","ref":"https://docs.inigo.io/product/agent_installation/docker_compose","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":29,"title":"Local 
Daemon","ref":"https://docs.inigo.io/product/agent_installation/standalone_agent","icon":{"data":{"id":645,"attributes":{"name":"local.svg","alternativeText":"local.svg","caption":"local.svg","width":16,"height":16,"hash":"local_5ba2d666f4","ext":".svg","mime":"image/svg+xml","size":0.27,"url":"/img/strapi/local.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:39:16.170Z","updatedAt":"2024-08-23T14:39:16.170Z"}}}},{"id":31,"title":"Kong","ref":"https://docs.inigo.io/product/agent_installation/kong","icon":{"data":{"id":631,"attributes":{"name":"Kong.svg","alternativeText":"Kong.svg","caption":"Kong.svg","width":17,"height":16,"hash":"Kong_3c06a74bde","ext":".svg","mime":"image/svg+xml","size":4.34,"url":"/img/strapi/Kong.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:16.806Z","updatedAt":"2024-08-02T14:37:16.806Z"}}}},{"id":32,"title":"Google Cloud Apigee","ref":"https://docs.inigo.io/product/agent_installation/apigee","icon":{"data":{"id":632,"attributes":{"name":"API.svg","alternativeText":"API.svg","caption":"API.svg","width":16,"height":16,"hash":"API_5e1d30f296","ext":".svg","mime":"image/svg+xml","size":3.71,"url":"/img/strapi/API.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:26.601Z","updatedAt":"2024-08-02T14:37:26.601Z"}}}},{"id":33,"title":"Hasura","ref":"https://docs.inigo.io/product/agent_installation/hasura","icon":{"data":{"id":573,"attributes":{"name":"Hasura.svg","alternativeText":"Hasura.svg","caption":"Hasura.svg","width":32,"height":32,"hash":"Hasura_2beedf3588","ext":".svg","mime":"image/svg+xml","size":2.46,"url":"/img/strapi/Hasura.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-04-05T12:51:01.009Z","updatedAt":"2024-04-05T12:51:01.009Z"}}}}]}]},{"id":15,"Title":"Pricing","ref":"pricing","children":[]},{"id":20,"Title":"Docs","ref":"https://docs.inigo.io","children
":[]},{"id":2,"Title":"Blog","ref":"blog","children":[]},{"id":11,"Title":"Learn","ref":null,"children":[{"id":79,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null,"icon":{"data":{"id":517,"attributes":{"name":"Tutorials.svg","alternativeText":"Tutorials.svg","caption":"Tutorials.svg","width":32,"height":32,"hash":"Tutorials_00ddeec014","ext":".svg","mime":"image/svg+xml","size":0.52,"url":"/img/strapi/Tutorials.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:22:42.230Z","updatedAt":"2024-02-01T16:22:42.230Z"}}},"children":[]},{"id":81,"title":"Inigo vs GraphOS","ref":"apollo-vs-inigo","description":null,"color":null,"icon":{"data":{"id":518,"attributes":{"name":"discovery.svg","alternativeText":"discovery.svg","caption":"discovery.svg","width":32,"height":32,"hash":"discovery_cea17bed6b","ext":".svg","mime":"image/svg+xml","size":1.58,"url":"/img/strapi/discovery.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:12.221Z","updatedAt":"2024-02-01T16:23:12.221Z"}}},"children":[]},{"id":77,"title":"Company","ref":"about","description":null,"color":null,"icon":{"data":{"id":515,"attributes":{"name":"blog.svg","alternativeText":"blog.svg","caption":"blog.svg","width":32,"height":32,"hash":"blog_1efe751850","ext":".svg","mime":"image/svg+xml","size":0.84,"url":"/img/strapi/blog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:21:23.173Z","updatedAt":"2024-02-01T16:21:23.173Z"}}},"children":[]},{"id":80,"title":"Media \u0026 
Webinars","ref":"media","description":null,"color":null,"icon":{"data":{"id":519,"attributes":{"name":"YouTube.svg","alternativeText":"YouTube.svg","caption":"YouTube.svg","width":32,"height":32,"hash":"You_Tube_7de9bfa780","ext":".svg","mime":"image/svg+xml","size":1.15,"url":"/img/strapi/YouTube.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:29.009Z","updatedAt":"2024-02-01T16:23:29.009Z"}}},"children":[]},{"id":94,"title":"Press","ref":"press","description":null,"color":null,"icon":{"data":{"id":174,"attributes":{"name":"press.svg","alternativeText":"press.svg","caption":"press.svg","width":24,"height":24,"hash":"press_784b5b1b4b","ext":".svg","mime":"image/svg+xml","size":1.69,"url":"/img/strapi/press.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-01-26T16:40:35.744Z","updatedAt":"2023-01-26T16:40:35.744Z"}}},"children":[]}]}],"footerNavigation":[{"id":8,"Title":"Product","ref":null,"children":[{"id":22,"title":"In-Depth Observability","ref":"/observability","description":null,"color":null},{"id":72,"title":"Schema Registry","ref":"/managed_schema","description":null,"color":null},{"id":73,"title":"Multi-Layer Security","ref":"security","description":null,"color":null},{"id":74,"title":"GraphQL Explorer","ref":"explorer","description":null,"color":null}]},{"id":19,"Title":"Solutions ","ref":null,"children":[{"id":103,"title":"Inigo's GraphQL Router","ref":"gateway","description":null,"color":null},{"id":96,"title":"Inigo’s Apollo Plugin","ref":"byog","description":null,"color":null},{"id":97,"title":"Inigo’s GraphQL Middleware","ref":"byos","description":null,"color":null},{"id":98,"title":"API Gateway 
Integration","ref":"api-gateway","description":null,"color":null}]},{"id":16,"Title":"Learn","ref":null,"children":[{"id":70,"title":"Blog","ref":"blog","description":null,"color":null},{"id":71,"title":"Docs","ref":"https://docs.inigo.io","description":null,"color":null},{"id":69,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null},{"id":75,"title":"Inigo vs. GraphOS","ref":"apollo-vs-inigo","description":null,"color":null},{"id":76,"title":"Media \u0026 Webinars","ref":"media","description":null,"color":null},{"id":95,"title":"Press","ref":"press","description":null,"color":null}]},{"id":6,"Title":"Company","ref":null,"children":[{"id":64,"title":"About us","ref":"about","description":null,"color":null},{"id":104,"title":"Legal","ref":"legal","description":null,"color":null},{"id":99,"title":"Reddit","ref":"https://reddit.com/user/InigoGraphQL","description":null,"color":null},{"id":100,"title":"LinkedIn","ref":"https://www.linkedin.com/company/inigo","description":null,"color":null},{"id":102,"title":"GitHub","ref":"https://github.com/inigolabs","description":null,"color":null},{"id":101,"title":"Contact us","ref":"https://landing.inigo.io/demo","description":null,"color":null}]}],"banner":{"text":"Inigo Gateway: The Next Evolution in GraphQL Management","link":"https://inigo.io/blog/inigo-gateway","createdAt":"2023-12-12T20:28:12.753Z","updatedAt":"2024-10-23T15:36:52.420Z","publishedAt":"2023-12-12T20:28:13.815Z"},"navigation":[{"id":"GraphQL%20Endpoint%20Detection","text":"GraphQL Endpoint Detection","level":"2"}],"prev":{"attributes":{"path":"inigo-is-a-proud-new-member-of-the-graphql-foundation","title":"Inigo is a proud new member of the GraphQL Foundation"}},"next":{"attributes":{"path":"how_threat_actors_fingerprint_your_graphql_apis","title":"How threat actors fingerprint your GraphQL APIs"}},"post":{"id":6,"attributes":{"title":"How threat actors detect your GraphQL APIs","author":"Shahar 
Binyamin \u0026 Inigo team","text":"\u003cp\u003eThreat actors are after your APIs, whether they are interested in your data or in abusing your services for their financial gain. The reasons why threat actors target different organizations can vary, but one of the first steps they take in their hacking methodology is often consistent and predictable - \u003cstrong\u003einformation gathering\u003c/strong\u003e or \u003cstrong\u003ereconnaissance\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen hackers gather information on a target application, they do so both passively and actively. Passive information gathering does not involve sending packets to the targeted application. Instead, it relies on channels that are indirect to the main application or the company operating it, as a means to remain stealthy, among other reasons. For example, passive information gathering can be done by looking up the company’s name on GitHub in the hope of finding public repositories that hint at which technologies are in use, or hard-coded but forgotten credentials that can then be reused.\u003c/p\u003e\n\u003cp\u003eActive information gathering involves communicating with the application, which requires the threat actors to send some traffic to it. Imagine you are defending a large-scale application that serves millions of clients. You can appreciate how difficult it becomes to identify anomalous behavior if you don’t know what anomalous traffic could look like. 
Inigo’s solution not only lets you cherry-pick the GraphQL queries that target your application in a riskier way and surface the interesting ones to your security team, but also lets you block and alert on them.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://cms.inigo.io/uploads/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_26f3a8ef35.png\" alt=\"How Threat Actors Detect your GraphQL APIs.png\"\u003e\u003c/p\u003e\n\u003ch2 id=\"GraphQL%20Endpoint%20Detection\"\u003eGraphQL Endpoint Detection\u003c/h2\u003e\n\u003cp\u003eGraphQL introduces a shift in how clients request their data from applications using its innovative declarative query language. In GraphQL, clients express their intent using a query payload. If you have ever used REST APIs, you may recall that in REST, a client’s intention is expressed by the combination of the HTTP method (GET, PUT, POST, DELETE) and the resource path (such as /v1/users). For instance, a GET request to /v1/users would result in fetching the list of all users of a given application.\u003c/p\u003e\n\u003cp\u003eGraphQL, on the other hand, uses a single endpoint (such as /graphql) and a query to fetch a list of users. Such a query could look like the following:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003equery {\n  users {\n    name\n    email\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eSo, how can threat actors discover whether an application is using GraphQL or another API technology? 
They do so by sending a query (the query does not have to be a valid one) to a list of possible endpoints where GraphQL may be exposed, and observing the responses returned by the server.\u003c/p\u003e\n\u003cp\u003eFor example, this is what a cURL request to a GraphQL endpoint could look like:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ curl https://example.inigo.io/graphql -d '{\u0026quot;query\u0026quot;:\u0026quot;query { users { name email } }\u0026quot;}' -H \u0026quot;Content-Type: application/json\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eA typical GraphQL response is in JSON and includes data or errors entries (or both), which give away the fact that a GraphQL API responded:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e{\u0026quot;errors\u0026quot;:[{\u0026quot;message\u0026quot;:\u0026quot;Cannot query field \\\u0026quot;users\\\u0026quot; on type \\\u0026quot;Query\\\u0026quot;.\u0026quot;,\u0026quot;extensions\u0026quot;:{\u0026quot;code\u0026quot;:\u0026quot;GRAPHQL_VALIDATION_FAILED\u0026quot;}}]}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis method can then be automated so queries run against multiple endpoints in parallel. Possible endpoints could be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e/graphql\u003c/li\u003e\n\u003cli\u003e/query\u003c/li\u003e\n\u003cli\u003e/api\u003c/li\u003e\n\u003cli\u003e/playground\u003c/li\u003e\n\u003cli\u003e/console\u003c/li\u003e\n\u003cli\u003e/graphiql\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf API versioning is in place, you may find GraphQL located in paths such as:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e/v1/graphql\u003c/li\u003e\n\u003cli\u003e/v2/graphql\u003c/li\u003e\n\u003cli\u003e/v1/query\u003c/li\u003e\n\u003cli\u003e/v2/query\u003c/li\u003e\n\u003cli\u003e/v1/console\u003c/li\u003e\n\u003cli\u003e/v2/console\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs you can see, APIs can be present in different locations. 
GraphQL servers can also be customized to point to a completely arbitrary location that isn’t on the list above. However, GraphQL API responses are often predictable, as dictated by the official GraphQL specification \u003ca target=\"_blank\" href=\"https://spec.graphql.org/October2021/#sec-Response-Format\"\u003eResponse Format\u003c/a\u003e section (7.1), allowing actors to identify that GraphQL is the interface which they are interacting with. Here is an excerpt of the response format section:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eA response to a GraphQL request must be a map.\nIf the request raised any errors, the response map must contain an entry with key errors. The value of this entry is described in the “Errors” section. If the request is completed without raising any errors, this entry must not be present.\nIf the request included execution, the response map must contain an entry with key data. The value of this entry is described in the “Data” section. If the request failed before execution, due to a syntax error, missing information, or validation error, this entry must not be present.\nThe response map may also contain an entry with key extensions. This entry, if set, must have a map as its value. This entry is reserved for implementors to extend the protocol however they see fit, and hence there are no additional restrictions on its contents.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis means that keys such as \u003cstrong\u003edata\u003c/strong\u003e, \u003cstrong\u003eerrors\u003c/strong\u003e and \u003cstrong\u003eextensions\u003c/strong\u003e are all keys you may find in a GraphQL response. Armed with this knowledge, threat actors can build this logic into scanning tools to find where your GraphQL APIs live. 
In a future post, we will explore what threat actors might do after a GraphQL server is found.\u003c/p\u003e\n\u003cp\u003eWhen threat actors perform information gathering, they typically try different variations of queries. Some may be valid, some may not. Invalid queries could result in server exceptions. Inigo’s solution provides a layer of protection for your GraphQL APIs: our unique position in your architecture allows our GraphQL Security and Management solution to detect malformed queries against existent and non-existent endpoints and to mitigate such activity. Reach out to us for more information.\u003c/p\u003e\n","short_text":"Threat actors are after your APIs. Whether it’s your data that they’re interested in, or abusing your services for their financial gain. ","createdAt":"2022-08-27T04:50:13.690Z","updatedAt":"2023-09-11T15:25:53.469Z","publishedAt":"2022-08-29T18:30:29.433Z","path":"how_threat_actors_detect_your_graphql_apis","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-08-29","keywords":null,"cover":{"data":{"id":255,"attributes":{"name":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","alternativeText":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","caption":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","width":1400,"height":600,"hash":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header_423fc2152b","ext":".webp","mime":"image/webp","size":17.79,"url":"/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.723Z","updatedAt":"2023-09-11T15:25:52.619Z"}}},"related":[{"id":24,"url":"how-secure-is-your-graph-ql-server"},{"id":25,"url":"you-dont-need-to-disable-introspection"},{"id":26,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"}]}},"related":[{"attributes":{"path":"dry-graphql-type-similarity-linting","cover":{"data":{"id":688,"attribut
es":{"name":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","alternativeText":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","caption":"DRY in GraphQL- How the Type Similarity Linting Rule Keeps Your Schema Clean.png","width":1400,"height":600,"hash":"DRY_in_Graph_QL_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean_8dabc11603","ext":".png","mime":"image/png","size":374.71,"url":"/img/strapi/DRY_in_GraphQL-_How_the_Type_Similarity_Linting_Rule_Keeps_Your_Schema_Clean.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-12-11T19:29:07.946Z","updatedAt":"2024-12-11T19:29:07.946Z"}}},"date":"2024-12-11","author":"Nikolai Kaploniuk","title":"DRY in GraphQL: How the Type Similarity Linting Rule Keeps Your Schema Clean"}},{"attributes":{"path":"graphql-vercel-support","cover":{"data":{"id":687,"attributes":{"name":"Blog - Manage GraphQL with Vercel.webp","alternativeText":"Blog - Manage GraphQL with Vercel.webp","caption":"Blog - Manage GraphQL with Vercel.webp","width":2800,"height":1200,"hash":"Blog_Manage_Graph_QL_with_Vercel_57f8af52f4","ext":".webp","mime":"image/webp","size":37.09,"url":"/img/strapi/Blog__-_Manage_GraphQL_with_Vercel.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-12-05T21:15:02.970Z","updatedAt":"2024-12-05T21:15:02.970Z"}}},"date":"2024-12-05","author":"Adam Benhassen \u0026 Michael Skorokhodov","title":"Why We Added Vercel Support and What It Means for Developers"}},{"attributes":{"path":"graphql-schema-checks-with-github-actions","cover":{"data":{"id":684,"attributes":{"name":"Blog - GraphQL Schema Checks with GitHub Actions.webp","alternativeText":"Blog - GraphQL Schema Checks with GitHub Actions.webp","caption":"Blog - GraphQL Schema Checks with GitHub 
Actions.webp","width":2100,"height":900,"hash":"Blog_Graph_QL_Schema_Checks_with_Git_Hub_Actions_9fb0538564","ext":".webp","mime":"image/webp","size":27.44,"url":"/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-11-19T04:38:59.521Z","updatedAt":"2024-11-19T04:38:59.521Z"}}},"date":"2024-11-19","author":"Nikolai Kaploniuk","title":"GraphQL Schema Checks with GitHub Actions"}}]},"__N_SSG":true},"page":"/blog/[pid]","query":{"pid":"how_threat_actors_detect_your_graphql_apis"},"buildId":"lHJPeAsQX3aPSdI1hq6Lv","isFallback":false,"dynamicIds":[2352,1333],"gsp":true,"appGip":true,"scriptLoader":[]}</script></body></html>
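From the defender's side, the endpoint sweep described in the article leaves a recognizable trace in access logs: one client requesting several of the candidate paths within a short time. The following sketch is an added example, not part of the original post or of Inigo's product; the log lines are constructed, and the threshold of four distinct paths within 60 seconds is an assumption to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Candidate endpoints listed in the article; a leading /v<N> is folded away.
CANDIDATES = {"/graphql", "/query", "/api", "/playground", "/console", "/graphiql"}
VERSION_PREFIX = re.compile(r"^/v\d+(?=/)")
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')  # Common Log Format

def candidate(path):
    """Return the cleaned path if it is one of the candidate endpoints, else None."""
    clean = path.split("?", 1)[0].rstrip("/").lower()
    return clean if VERSION_PREFIX.sub("", clean) in CANDIDATES else None

def find_probers(lines, min_paths=4, window=timedelta(seconds=60)):
    """Return {client: paths} for clients hitting >= min_paths distinct candidates in window."""
    hits = defaultdict(list)  # client -> [(timestamp, cleaned path)]
    for line in lines:
        m = LINE.match(line)
        clean = candidate(m.group(3)) if m else None
        if clean:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append((when, clean))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= min_paths:
                flagged[client] = sorted(distinct)
                break
    return flagged

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.20 - - [29/Aug/2022:10:00:01 +0000] "POST /graphql HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2022:10:00:02 +0000] "POST /graphql HTTP/1.1" 404 153
203.0.113.7 - - [29/Aug/2022:10:00:02 +0000] "POST /query HTTP/1.1" 404 153
203.0.113.7 - - [29/Aug/2022:10:00:03 +0000] "POST /v1/graphql HTTP/1.1" 404 153
203.0.113.7 - - [29/Aug/2022:10:00:03 +0000] "POST /graphiql HTTP/1.1" 404 153
192.0.2.44 - - [29/Aug/2022:10:00:10 +0000] "GET /api HTTP/1.1" 200 88
192.0.2.44 - - [29/Aug/2022:10:05:10 +0000] "GET /console HTTP/1.1" 200 88
""".splitlines()

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))
```

A client that only ever calls the real endpoint touches one distinct path and is never flagged, which is what separates normal GraphQL traffic from the sweep.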
