Skip to content
KeystoneJS LogoKeystoneJS
👋🏻 We're working on the next generation of KeystoneJS! If you're using the @keystone-next packages, click here to learn more

Query validation

Stop maliciously complex or invalid queries against your Keystone instance.

const { validation } = require('@keystonejs/app-graphql');

const app = new GraphQLApp({
  apollo: {
    validationRules: [validation.depthLimit(3)],


  • depthLimit: limit nesting depth of queries
  • definitionLimit: limit number of definitions (queries, fragments, mutations)
  • fieldLimit: limit total number of fields returned in results (after expanding fragment spreads)

The following GraphQL has two definitions (contact, info), four fields (name, email, allUsers, friends), and a total depth of three:

fragment contact on User {
query info {
  allUsers {
    friends {

On this page

  • Validators
Edit on GitHub