by jjanyan 1748 days ago
I've been wanting this for years and have been tempted to write it myself. I've imagined a way to create your GraphQL query in a UI, then "bookmark" it.

After that you'd grant permissions to use that bookmark via some authentication system. Possibly via a security team or API team to review the implications of the query. Security, performance, etc.

So you get fast and flexible development but you have a minimal surface area when refactoring, auditing security, and monitoring potential performance issues.

One other thing that's useful is for reaching out to the appropriate team to discuss deprecation, security concerns, and new upcoming features. The team that needs to improve the database (in some way) can quickly figure out who to talk to instead of needing to ask multiple teams "hey, we're thinking about X, does that affect you?" The other teams are often busy and it takes time to analyze their code to figure out if it would affect them. It can be a miserable and slow process. With a bookmark, it's obvious and straightforward.

If anyone is familiar with something along these lines I'd love to hear about it.

1 comment

The proposed solution does exactly what you describe in the first part. By turning GraphQL Operations into an RPC endpoint, we've essentially whitelisted the Operation. We've not only whitelisted the Operation but added a whole lot more, but obviously I don't want to repeat the article. If you're interested in discussing this further, find my contact information at the end of the blog post.
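
A sketch of the "bookmark" idea discussed in this thread, added here as an example and not taken from the thread or the linked article: the server runs only reviewed, named operations, and only for clients that were granted access. The class, method and client names and the sample queries are assumptions made up for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Bookmark:
    query: str                 # the only query text the server will ever run
    owner_team: str            # who to contact about schema changes
    approved: bool = False     # set after the security/API team review
    grants: set = field(default_factory=set)  # client ids allowed to call it


class BookmarkRegistry:
    def __init__(self):
        self._bookmarks = {}

    def register(self, name, query, owner_team):
        if name in self._bookmarks:
            raise ValueError(f"bookmark {name!r} already exists")
        self._bookmarks[name] = Bookmark(query, owner_team)

    def approve(self, name):
        self._bookmarks[name].approved = True

    def grant(self, name, client_id):
        bm = self._bookmarks[name]
        if not bm.approved:
            raise PermissionError("cannot grant access to an unreviewed bookmark")
        bm.grants.add(client_id)

    def resolve(self, client_id, name, variables=None):
        """Return (query, variables) to execute; clients never send query text."""
        bm = self._bookmarks.get(name)
        # Same error for unknown and ungranted names, so names cannot be probed.
        if bm is None or not bm.approved or client_id not in bm.grants:
            raise PermissionError("operation not permitted")
        return bm.query, dict(variables or {})

    def teams_using(self, field_name):
        """Teams whose bookmarks mention a field (token match, not a GraphQL parse)."""
        pattern = re.compile(rf"\b{re.escape(field_name)}\b")
        return sorted({bm.owner_team for bm in self._bookmarks.values()
                       if pattern.search(bm.query)})


# Constructed sample data: two bookmarks, only one reviewed and granted.
registry = BookmarkRegistry()
registry.register("OrderSummary", "query($id: ID!) { order(id: $id) { total customer { email } } }", "checkout")
registry.register("UserBadge", "query($id: ID!) { user(id: $id) { name avatarUrl } }", "profile")
registry.approve("OrderSummary")
registry.grant("OrderSummary", "checkout-web")
```

`teams_using` is the lookup behind the "who do we talk to" point: before changing a field, the owning teams come straight out of the registry.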