Skip to content
KeystoneJS LogoKeystoneJSv5

Query Validation

Stop maliciously complex or invalid queries against your Keystone instance.

const { validation } = require('@keystonejs/app-graphql');

// ...

const app = new GraphQLApp({
  apollo: {
    validationRules: [validation.depthLimit(3)],


  • depthLimit: limit nesting depth of queries
  • definitionLimit: limit number of definitions (queries, fragments, mutations)
  • fieldLimit: limit total number of fields returned in results (after expanding fragment spreads)

The following GraphQL has two definitions (contact, info), four fields (name, email, allUsers, friends), and a total depth of three:

fragment contact on User {
query info {
  allUsers {
    friends {

Have you found a mistake, something that is missing, or could be improved on this page? Please edit the Markdown file on GitHub and submit a PR with your changes.

Edit Page