Consider a GraphQL schema where the field secretInfo is marked as hidden using schema visibility control. What will be the result when a client queries secretInfo?
query {
  secretInfo
}
Think about how schema visibility hides fields from clients.
If a field is hidden by schema visibility control, it is removed from the schema exposed to clients. Querying it causes an error because the client does not see it as a valid field.
Which of the following is the main reason to use schema visibility control in a GraphQL API?
Think about controlling what clients can see.
Schema visibility control is used to hide sensitive or restricted fields from clients who should not access them, often based on roles or permissions.
Given the following GraphQL SDL snippet, which option correctly hides the internalNotes field using a directive @hidden?
type Product {
  id: ID!
  name: String!
  internalNotes: String @hidden
}
Directives start with @ in SDL.
In GraphQL SDL, directives are prefixed with @. Using @hidden is the correct way to mark a field as hidden if the schema supports that directive.
Which of the following best explains how schema visibility control enhances security in a GraphQL API?
Think about what clients can see in the schema.
Schema visibility control hides sensitive fields from the schema exposed to clients, so clients cannot even see or query those fields, reducing attack surface.
Given a GraphQL schema where the adminNotes field is hidden for non-admin users, a non-admin client runs this query:
query {
  product(id: "123") {
    id
    name
    adminNotes
  }
}
Why does this query fail?
Consider what happens when a field is hidden from a client.
The adminNotes field is hidden for non-admin clients, so it is not part of the schema they see. Querying it causes a validation error because the field is unknown.