Define GraphQL endpoints

If you’re using Graph QL and manage bot traffic or account protection, you need to define your API following a specific structure, and include operation names as part of your definition and in your request body. The operation name in the POST body of a GraphQL request uniquely identifies GraphQL protected endpoints.

Define your API as follows:

How to

  1. Enter a single API endpoint and add an API Resource for it.
  2. Turn on POST method for the resource.
  3. Under that method, add a parameter to specify the operation name. Create a parameter named Body then define the JSON/XML body format with the name: operationName


  4. For each unique operation, create a separate API Resource purpose selecting:
    • POST as the method.
    • the parameter for body/operationName and enter its value.


  5. Later, in Bot Manager, you create a Protected Resource for each one.


  6. Pass the operation name in the POST body.

    The JSON in the POST body needs to pass the operation name—even for a single operation request—based on the following request format:

    {
      query: "...",
      operationName: "..."
      variables: {var1: "value1", ...}

    A real request POST body may look something like:

     
    operationName: "prefetchPipClient"
    query: "query prefetchPipClient($storeID: String, $zipCode: String, ...),"
    variables: {dataSource: "catalog", storeId: "4876677", ...}