GraphQL introspection is a built-in protocol for clients to discover a server's schema at runtime. Querying __schema returns the complete type system: every Query / Mutation / Subscription, every object type with all its fields and arguments, every input type, every enum and union. This is what powers tools like Apollo Studio, GraphiQL, and Insomnia's schema-aware autocompletion.
In production, introspection is a recon tool for attackers. A 30-second __schema query maps the entire data graph: which Mutation calls exist, what arguments they take, what fields they return, what relationships connect entities. Attackers no longer need to guess endpoint shapes or reverse-engineer client bundles -- the server hands them the catalog.
Disabling introspection in production is the common defense:
- Apollo Server: `new ApolloServer({ introspection: false })`
- GraphQL Yoga: `useDisableIntrospection()` plugin
- Hot Chocolate (.NET): `DisableIntrospection()` in the schema builder
Some teams keep introspection on as a deliberate choice (the API is public-spec, schema is documentation, etc.). Like OpenAPI exposure, it's a deliberate disclosure either way -- the security flag surfaces the choice rather than dictating it.
Important note: disabling introspection is NOT a complete security control. Field-suggestion error messages leak schema info one query at a time; persisted-query allowlisting is the stronger defense if your data is genuinely sensitive.
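To check your own endpoint for both disclosure paths described above, here is an added example audit (not code from the page or from any of the servers named). It assumes graphql-js style validation errors; the sample responses are constructed, modelled on Apollo Server and graphql-js error wording, and `TYPO_QUERY` must misspell a field you know exists, since suggestions are only offered for names within a short edit distance.

```python
import re

# Minimal introspection probe: enough to list every type and its field names.
INTROSPECTION_QUERY = "{ __schema { types { name fields { name } } } }"
# Near-miss of a real field; a random string draws no "Did you mean" suggestion.
TYPO_QUERY = "{ usr }"

SUGGESTION_RE = re.compile(r'Did you mean (.+?)\?')
NAME_RE = re.compile(r'"([^"]+)"')


def introspection_enabled(resp: dict) -> bool:
    """True when the response body carries __schema data, i.e. introspection is on."""
    return bool((resp.get("data") or {}).get("__schema"))

def schema_types(resp: dict) -> list[str]:
    """User-defined type names disclosed by an introspection response."""
    schema = (resp.get("data") or {}).get("__schema") or {}
    return sorted(t["name"] for t in schema.get("types") or []
                  if not t["name"].startswith("__"))

def leaked_suggestions(resp: dict) -> list[str]:
    """Field names leaked through 'Did you mean "a" or "b"?' validation errors."""
    names = set()
    for err in resp.get("errors") or []:
        match = SUGGESTION_RE.search(err.get("message", ""))
        if match:
            names.update(NAME_RE.findall(match.group(1)))
    return sorted(names)

def audit(introspection_resp: dict, typo_resp: dict) -> dict:
    """Combine both probes: the schema is disclosed if either path leaks names."""
    enabled = introspection_enabled(introspection_resp)
    suggested = leaked_suggestions(typo_resp)
    return {"introspection": enabled, "types": schema_types(introspection_resp),
            "suggested_fields": suggested,
            "discloses_schema": enabled or bool(suggested)}


# Constructed sample responses (not captured from a real server), modelled on
# Apollo Server and graphql-js error wording.
OPEN_RESP = {"data": {"__schema": {"types": [
    {"name": "Query", "fields": [{"name": "user"}, {"name": "users"}]},
    {"name": "User", "fields": [{"name": "id"}, {"name": "email"}]},
    {"name": "__Schema", "fields": []}]}}}
CLOSED_RESP = {"errors": [{"message": "GraphQL introspection is not allowed by "
               "Apollo Server, but the query contained __schema or __type."}]}
TYPO_RESP = {"errors": [{"message": 'Cannot query field "usr" on type "Query". '
             'Did you mean "user" or "users"?'}]}
```

Send `INTROSPECTION_QUERY` and `TYPO_QUERY` to the endpoint with any HTTP client and pass the decoded JSON bodies to `audit()`; with `CLOSED_RESP` and `TYPO_RESP` it reports introspection off yet `discloses_schema` true, which is exactly the gap the note above describes.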