GraphQLquery~30 mins

Introspection control in GraphQL - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

GraphQL Introspection Control

📖 Scenario: You are building a GraphQL API for a simple book store. You want to control introspection queries to improve security by disabling introspection in production.

🎯 Goal: Create a GraphQL schema with introspection control. You will first define the schema, then add a configuration variable to enable or disable introspection, implement the logic to check this variable, and finally complete the schema setup with introspection control.

📋 What You'll Learn

Define a simple GraphQL schema with a Book type and a Query type

Add a configuration variable called introspection_enabled to control introspection

Implement logic to disable introspection queries when introspection_enabled is false

Complete the schema setup with introspection control applied

💡 Why This Matters

🌍 Real World

Controlling introspection in GraphQL APIs helps protect sensitive schema details in production environments.

💼 Career

Many companies require secure GraphQL APIs; knowing how to enable or disable introspection is a valuable skill for backend developers.

Progress0 / 4 steps

Define the GraphQL schema with Book and Query types

Create a GraphQL schema string called schema_definition that defines a Book type with fields id (ID!), title (String!), and author (String!). Also define a Query type with a field books that returns a list of Book.

GraphQL

# Create a variable called schema_definition with the GraphQL schema string
# Your code here

Need a hint?

Use triple quotes to create a multi-line string for the schema.

Add configuration variable to control introspection

Create a boolean variable called introspection_enabled and set it to False to disable introspection.

GraphQL

schema_definition = '''
type Book {
  id: ID!
  title: String!
  author: String!
}

type Query {
  books: [Book]
}
'''

# Create a boolean variable called introspection_enabled and set it to False
# Your code here

Need a hint?

Use False to disable introspection.

Implement logic to disable introspection queries

Create a function called is_introspection_allowed that returns the value of introspection_enabled. This function will be used to check if introspection queries are allowed.

GraphQL

schema_definition = '''
type Book {
  id: ID!
  title: String!
  author: String!
}

type Query {
  books: [Book]
}
'''

introspection_enabled = False

# Define a function called is_introspection_allowed that returns introspection_enabled
# Your code here

Need a hint?

Define a simple function that returns the boolean variable.

Complete schema setup with introspection control

Create a variable called schema_config as a dictionary with keys 'schema' set to schema_definition and 'introspection' set to the function is_introspection_allowed. This config will control introspection in the GraphQL server.

GraphQL

schema_definition = '''
type Book {
  id: ID!
  title: String!
  author: String!
}

type Query {
  books: [Book]
}
'''

introspection_enabled = False

def is_introspection_allowed():
    return introspection_enabled

# Create a dictionary called schema_config with keys 'schema' and 'introspection'
# Your code here

Need a hint?

Use a dictionary to hold the schema and introspection control function.