Obviously, if the FE is making GraphQL requests to Magento, that has to be available to the client.
That said, I wonder if there are techniques or strategies or best practices around protecting the GraphQL API endpoint in Magento from abuse.
One option could be introducing a middleware layer that reduces the potential exposure / scope of the API exposed, or of course a customization within Magento itself to limit the GraphQL resources exposed.
Anyway, thanks for any thoughts / expertise!
submitted by /u/kevysaysbenice