GraphQL disable introspection endpoint

jon4hz · November 27, 2025, 1:47pm

Infos:

Due to company regulations, I would like to disable the graphql introspection endpoint. Unfortunately, I couldn’t find any documentation on how to do this. Is that possible? And if not, would you consider adding such a config option?

Used Zammad version: 6.5.2
Used Zammad installation type: package
Operating system: EndeavourOS
Browser + version: Zen 1.0.2-b.3 (Firefox 133.0.3)

MrGeneration · November 27, 2025, 3:05pm

You cannot disable endpoints. What‘s the problem with it?

dominikklein · November 27, 2025, 6:49pm

For us, it makes no real sense to add this, because you can see everything that the introspection returns also in the public code base.