Authentication - Slash GraphQL

What do I need a client API key for, when I can query the database (from Postman/Insomnia) on my Slash Dgraph instance without providing the client API key? What is the use-case for a client API key?

As I read the documentation, one needs a client API key to query the database, but when I try to query the database from Insomnia - without providing any X-Auth-Token header - then my request is still accepted and processed.

In summary, I fail to understand the following:

  • When interacting with my Slash Dgraph instance, in what situations do I need to provide a client API key? And what will it allow me to do? Will it allow me to read and mutate all data, or only the data that was inserted using that client API key?

(My confusion probably also stems from Securing Your GraphQL endpoint at the same time stating this: “All GraphQL queries and mutations are unrestricted by default”.)

Any clarification is much appreciated 🙂