Here you can define how users are authenticated when accessing the endpoint.
- API Key: needs to be sent with every request.
- ... more to come
Introspection provides an information about queries which are supported by GraphQl schema. This is currently enabled by default. It can be disabled via security settings or in the symfony configuration tree:
Defines workspaces for data that should be accessible via the endpoint. The definition is similar to Pimcore user workspace permissions
Error Handling - Configuration Values
The default behavior for associated/related objects, documents or assets that are not visible for the endpoint is, to simply null it out.
You can change that via a configuration setting in symfony configuration tree:
- 1 = the entire query will fail
- 2 = null it out/skip it for multi-relations (default)
It is also possible to disable the permission checks entirely by setting the configuration option in the security definition tab.