GraphQL Query Anonymization

Stellate GraphQL Analytics anonymizes the query metadata to ensure we can never store any sensitive information.

Firstly, we do not store variables, instead, we replace the variable values with their respective names.

# This is what we would store and you would see in the analytics
query login($email: String!, $password: String!) {
  login(email: $email, password: $password)
}

but we do not store variable values

{
  "email": "[email protected]",
  "password": "hunter2"
}

Further, we automatically turn all hard-coded arguments into variables (which are not stored). For example, with the following query:

# Hard-coded sensitive data 😱
query signup {
  signup(email: "[email protected]", password: "hunter2")
}

your analytics would show the values replaced by their respective variable names

# The two hard-coded arguments automatically replaced by variables
query signup($email: String!, $password: String!) {
  signup(email: $email, password: $password)
}

Since we do not store variable values, the query is completely anonymized with no sensitive data stored for our analytic systems.

📘

If there are multiple variables with the same name, a numeric index will be added to the end.