GraphQL Introspection Exposed

GraphQL introspection is the spec's most developer-friendly feature and one of its most defender-unfriendly defaults. Send a query asking the server to describe itself, and a fully-introspected GraphQL endpoint dutifully returns every type, every field name and type, every argument, and (in many configs) every directive comment. It's how GraphiQL, Apollo Sandbox, and every modern GraphQL client tool work. It's also how attackers map your API in seconds. Apollo Server 4 disables introspection by default in production, but plenty of older deployments and self-rolled GraphQL servers still ship with it on, and the line between 'we want devs to use the explorer' and 'we exposed the entire data model to the internet' is one configuration flag.

A `__schema` query — `{ __schema { types { name fields { name type { name } } } } }` — returns the complete type system. From that single response, the attacker reconstructs every query, mutation, subscription, the arguments each takes, and the relationships between types. Tools like graphql-voyager render the result as an interactive map. Combined with permissive resolvers (no per-query authorization), introspection is the input that makes targeted enumeration trivial. Even with strict authorization, knowing internal types like `_AdminInternal` or fields like `mfaSecret` is information the attacker shouldn't have.

Recon impact dominates — knowing the schema converts blind probing into surgical queries. Combined with authorization bugs (resolver-level IDOR, missing field-level auth), introspection is the recipe for efficient mass data extraction. Schema disclosure also reveals product roadmap details (unreleased fields and types) and internal naming conventions that may inform social engineering.

Disable introspection in production. Apollo Server 4: `introspection: false` in config (already the default for production builds). Yoga: `useDisableIntrospection` plugin. Hot Chocolate (.NET): `.AddIntrospection(false)`. Hasura: set `HASURA_GRAPHQL_ENABLE_TELEMETRY=false` plus the per-role schema introspection toggle. Don't rely on rate-limiting introspection — one query is enough. For developer access, host a documentation site that's authenticated separately, or use schema diffing in CI to detect changes without exposing the full schema at runtime. As a defense-in-depth layer, also disable field-suggestion responses (most servers offer a flag for 'Did you mean X?' messages) since those leak schema details even when introspection is off.