Operation signatures
How GraphOS identifies equivalent operations
When you're viewing your graph's operation metrics, Apollo Studio groups together operations based on the exact set of fields they include, not based on operation names. This means that operations with the same name but different sets of fields are displayed separately:
To help GraphOS identify functionally identical operations, your router generates the signature for each operation it reports to Studio. This signature is a normalized representation for an operation with deterministic field order, whitespace, and values for in-line argument values.
Why do we need an operation signature?
Consider the following operations:
query GetPostDetails($postId: String!) {post(id: $postId) {authorcontent}}query GetPostDetails($postId: String!) {post(id: $postId) {content # Different field orderauthor}}query GetPostDetails($postId: String!) {post(id: $postId) {writer: author # Field aliascontent}}
Despite some cosmetic differences (including comments), all of these operations execute identically on a particular GraphQL server. Therefore, Studio should group them when displaying performance information.
Helpfully, Apollo libraries use a signature algorithm to generate the exact same operation signature for all of these operations, which means Studio does group them.
Signature algorithm
⚠️ This algorithm is subject to change. This article describes the signature algorithm as of the release of Apollo Server 3.6.1. It is provided here for informational purposes, not as a canonical specification.
Feel free to jump to an example or view the source.
The signature algorithm performs the following modifications on an operation to generate its signature:
1. Transform in-line argument values
If an operation includes any in-line argument values, those values are transformed according to their type:
Booleanandenumvalues are preserved.IntandFloatvalues are replaced with0.String, list, and object values are replaced with their "empty" counterpart ("",[], or{}).
Argument values provided as GraphQL variable names are preserved.
2. Remove extraneous characters
Most unnecessary characters in the operation definition (including comments and redundant whitespace) are removed.
If the operation document includes multiple operations, then operations besides the executed operation are removed.
If the operation document includes fragments that aren't used by the executed operation, then those fragments are removed (other fragments are preserved).
3. Reorder definitions
Any preserved fragment definitions appear first, sorted alphanumerically by fragment name. The definition of the executed operation appears after all fragment definitions.
Whenever the names of two sorted items are identical, the algorithm preserves the original order of those items relative to each other.
Fields
For a given object or fragment's fields, field selections are sorted in the following order:
- Individually listed fields
- Named fragment spreads
- In-line fragments
Within each of these, sorting is alphanumeric by field name or fragment name.
Field aliases
All field aliases are removed. If an operation includes three instances of the same field with different aliases, then that field is listed in the signature three times with its non-aliased name.
Directives and arguments
If multiple directives are applied to the same location in the operation document, those directives are sorted alphanumerically.
If a single field accepts multiple arguments, those arguments are sorted alphanumerically by name.
Example signature
Consider this operation:
# Operation definition needs to appear after all fragment definitionsquery GetUser {user(id: "hello") {# Replace string argument value with empty string...NameParts # Spread fragment needs to appear after individual fieldstimezone # Needs to appear alphanumerically after `name`aliased: name # Need to remove alias}}# Excessive characters (including this comment!) need to be removedfragment NameParts on User {firstnamelastname}
The signature algorithm generates the following signature for this operation:
fragment NameParts on User {firstnamelastname}query GetUser {user(id: "") {nametimezone...NameParts}}
Signatures and sensitive data
The signature algorithm's primary purpose is to group together operations that differ only cosmetically (in terms of whitespace, field order, aliases, and so on). As an additional effect, the algorithm does remove most in-line argument values, which in theory helps maintain data privacy.
However, you should not rely on this! Ideally, your sensitive data should never reach Apollo Studio in the first place. Whenever possible, use GraphQL variables instead of in-line values for arguments. This helps you control exactly which values are reported to Apollo. For details, see Apollo Studio data privacy and compliance.
Logging signatures at runtime
To view operation signature hashes in your own logging tools, you can create an Apollo Server plugin that accesses hash values from the shared context. The relevant values are available in the queryHash and operationName properties:
const logOperationSignaturePlugin = {async requestDidStart() {return {async didResolveOperation(ctx) {console.log({queryHash: ctx.queryHash,operationName: ctx.operationName,});},};},};const server = new ApolloServer({schema,plugins: [logOperationSignaturePlugin],});
const logOperationSignaturePlugin = {async requestDidStart() {return {async didResolveOperation(ctx) {console.log({queryHash: ctx.queryHash,operationName: ctx.operationName,});},};},};const server = new ApolloServer({schema,plugins: [logOperationSignaturePlugin],});