Need to inject data into a request from clients that cannot be trusted. Please help on how to do this?

Yes @davidLeonardi, that’s how we can handle custom mutation that requires control on fields.

Please also review the option around custom resolvers specific for graphql endpoints. Search for “Calling GraphQL custom resolvers” in the doc. This provides the option of not writing a call to a graphql api yourself but instructing the directive to call your graphql directly (sort of a graphql bridge).

2 Likes