github.com/vektah/gqlgen@v0.7.2/docs/content/reference/introspection.md (about) 1 --- 2 title: 'Disabling introspection' 3 description: Prevent users from introspecting schemas in production. 4 linkTitle: Introspection 5 menu: { main: { parent: 'reference' } } 6 --- 7 8 One of the best features of GraphQL is it's powerful discoverability, but sometimes you don't want to allow others to explore your endpoint. 9 10 ## Disable introspection for the whole server 11 12 To turn introspection on and off at runtime, pass the `IntrospectionEnabled` handler option when starting the server: 13 14 ```go 15 srv := httptest.NewServer( 16 handler.GraphQL( 17 NewExecutableSchema(Config{Resolvers: resolvers}), 18 handler.IntrospectionEnabled(false), 19 ), 20 ) 21 ``` 22 23 ## Disabling introspection based on authentication 24 25 Introspection can also be enabled on a per-request context basis. For example, you could modify it in a middleware based on user authentication: 26 27 ```go 28 srv := httptest.NewServer( 29 handler.GraphQL( 30 NewExecutableSchema(Config{Resolvers: resolvers}), 31 handler.RequestMiddleware(func(ctx context.Context, next func(ctx context.Context) []byte) []byte { 32 if userForContext(ctx).IsAdmin { 33 graphql.GetRequestContext(ctx).DisableIntrospection = true 34 } 35 36 return next(ctx) 37 }), 38 ), 39 ) 40 ```