Apollo
Trust Center

GraphOS Data Privacy and Compliance

Apollo's top priority is ensuring the privacy and security of your data and your customers' data. No Apollo tool or library running in your environment sends any data to GraphOS unless you configure it to do so. Features that potentially send highly sensitive data require additional opt-in.

Does GraphOS store operation result data returned by my graph?

No. Your graph's operation results never even reach any Apollo-managed service, with one important exception: cloud supergraphs use a GraphOS Router, which passes results directly from your subgraphs to requesting clients, without logging, persisting, or sending those results to any other system (other data like operation metrics are persisted).

Which tools send data to GraphOS?

The GraphOS Router, Apollo Server, the Rover CLI, and the legacy Apollo CLI have opt-in features that send data to GraphOS.

The following tools and services collect anonymous usage data by default:

If you have a cloud supergraph, its router is hosted and managed by GraphOS, and it automatically enables metrics reporting. Learn about data collection for cloud supergraphs.

Apollo Client libraries do not send data to GraphOS.

How does GraphOS ingest data?

All data sent to GraphOS is sent to an endpoint with one of the following base URLs:

Current URLs

| Base URL | Used by |
| --- | --- |
| https://usage-reporting.api.apollographql.com | Metrics reporting from the GraphOS Router (v0.1.0+), Apollo Server (v2.18.0+), and third-party API servers |
| https://rover.apollo.dev | The Rover CLI: all commands if telemetry is enabled, rover supergraph compose when fetching new plugin versions, all rover template commands, and once per day to check for version updates |
| https://api.apollographql.com/graphql | All Rover CLI (v0.6+) commands that communicate with GraphOS, along with all requests to the GraphOS Platform API |
| https://router.apollo.dev | GraphOS Router (v0.1.0+) with Apollo Uplink and/or Enterprise features enabled, Apollo Server with Apollo Gateway (v0.34.0+) with managed federation |
| https://aws.uplink.api.apollographql.com | GraphOS Router (v0.1.0+) with Apollo Uplink and/or Enterprise features enabled, Apollo Server with Apollo Gateway (v0.45.0+) with managed federation |
| https://persisted-queries.api.apollographql.com/ | GraphOS Router (v1.25.0+) with GraphOS persisted queries enabled |
| https://aws.persisted-queries.api.apollographql.com/ | GraphOS Router (v1.25.0+) with GraphOS persisted queries enabled |
| https://schema-reporting.api.apollographql.com | Schema registration via schema reporting in Apollo Server (v2.18.0+) and third-party API servers |
| https://graphql.api.apollographql.com/api/graphql | Anonymous usage data from the Apollo Kotlin IDE plugin |

Active legacy URLs

| Base URL | Used by |
| --- | --- |
| https://engine-report.apollodata.com | Metrics reporting from Apollo Server (v2.0-2.17.x) |
| https://edge-server-reporting.api.apollographql.com | Schema registration via schema reporting in Apollo Server (v2.15.0-2.17.x) |
| https://engine-graphql.apollographql.com | All legacy Apollo CLI (v2.30 and earlier) commands that communicate with GraphOS |
| https://storage.googleapis.com | Apollo Server with Apollo Gateway (v0.15.1 and earlier) with managed federation, or with the operation registry plugin (v0.3.1 and earlier) |
| https://federation.api.apollographql.com | Apollo Server with Apollo Gateway (v0.16.0-v0.33.0) with managed federation |
| https://storage-secrets.api.apollographql.com | Apollo Server with Apollo Gateway (v0.16.0-v0.33.0) with managed federation, or with the operation registry plugin |
| https://operations.api.apollographql.com | Apollo Server with the operation registry plugin (v0.4.1+) |
| https://graphql.api.apollographql.com | All Rover CLI (prior to v0.6) commands and legacy Apollo CLI (v2.31+) commands that communicate with GraphOS |

If your environment uses a corporate proxy or firewall, you might need to configure it to allow outbound traffic to these domains. Note that data might be sent to multiple endpoints in a given domain.
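As an added example (not Apollo's code), the following audits proxy log lines against the hostnames in the two tables above, reporting allowed-list gaps, traffic to legacy endpoints, and Apollo hosts reached on anything other than HTTPS/443. The log line format, the 403 "blocked" status and the sample lines are assumptions constructed for illustration.

```javascript
// Hostnames from the "Current URLs" and "Active legacy URLs" tables on this page.
const CURRENT_HOSTS = new Set([
  'usage-reporting.api.apollographql.com', 'rover.apollo.dev', 'api.apollographql.com',
  'router.apollo.dev', 'aws.uplink.api.apollographql.com',
  'persisted-queries.api.apollographql.com', 'aws.persisted-queries.api.apollographql.com',
  'schema-reporting.api.apollographql.com', 'graphql.api.apollographql.com',
]);
// storage.googleapis.com is a shared Google Cloud Storage host, not Apollo-specific.
const LEGACY_HOSTS = new Set([
  'engine-report.apollodata.com', 'edge-server-reporting.api.apollographql.com',
  'engine-graphql.apollographql.com', 'storage.googleapis.com',
  'federation.api.apollographql.com', 'storage-secrets.api.apollographql.com',
  'operations.api.apollographql.com',
]);

// Classify one destination given as "host:port" or as a full URL.
function classifyEgress(target) {
  const url = new URL(target.includes('://') ? target : `https://${target}`);
  const host = url.hostname.replace(/\.$/, ''); // URL lowercases; drop a trailing dot
  // Exact hostname match only: substring or suffix rules would over-match.
  const kind = CURRENT_HOSTS.has(host) ? 'current'
    : LEGACY_HOSTS.has(host) ? 'legacy' : 'unknown';
  if (kind === 'unknown') return kind;
  // The page states that all reporting uses HTTPS on port 443 (URL drops the default port).
  return url.protocol === 'https:' && url.port === '' ? kind : 'not-https-443';
}

// Constructed sample lines, assumed format: "<time> CONNECT <host:port> <proxy status>".
const SAMPLE_LOG = [
  '2024-05-01T10:00:00Z CONNECT usage-reporting.api.apollographql.com:443 200',
  '2024-05-01T10:00:02Z CONNECT engine-report.apollodata.com:443 200',
  '2024-05-01T10:00:05Z CONNECT aws.uplink.api.apollographql.com:443 403',
  '2024-05-01T10:00:07Z CONNECT rover.apollo.dev.example.net:443 200',
  '2024-05-01T10:00:09Z CONNECT router.apollo.dev:80 200',
];

function auditProxyLog(lines) {
  const findings = [];
  for (const line of lines) {
    const [, , target, status] = line.trim().split(/\s+/);
    const kind = classifyEgress(target);
    if (kind === 'current' && status === '403') findings.push(`${target}: blocked, add to allow-list`);
    if (kind === 'legacy') findings.push(`${target}: legacy endpoint, check component version`);
    if (kind === 'not-https-443') findings.push(`${target}: Apollo host on unexpected scheme/port`);
  }
  return findings;
}
```

A hit on a legacy hostname points at a component in the older version ranges listed in the second table.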

Which types of data do the GraphOS Router and Apollo Server send to GraphOS?

You can configure both the GraphOS Router and Apollo Server to report certain data to GraphOS for each operation resolved by these libraries. These types of data include:

  • Several fields besides data from every operation response

      • Neither the GraphOS Router nor Apollo Server ever sends the data field of an operation response to GraphOS.

  • The normalized query operation string for every executed operation

  • Trace data indicating the execution time for every resolver in the operation

  • The values of operation GraphQL variables and HTTP headers

These types of data are covered in the subsections below.

In addition, you can configure a standalone instance of Apollo Server to report its schema to GraphOS.

ⓘ NOTE

All data sent to GraphOS from both the GraphOS Router and Apollo Server is transmitted using HTTPS on port 443, and HTTP traffic on port 80 is turned off.

Operation response fields

Let's walk through the default behaviors of the GraphOS Router and Apollo Server when reporting fields in a typical GraphQL response:

```json
// GraphQL Response
{
  "data": { ... },  // NEVER sent to GraphOS
  "errors": [ ... ] // Can be sent to GraphOS, used to report on errors for operations and fields.
}
```

response.data

As mentioned, the GraphOS Router and Apollo Server never send the contents of this field to GraphOS. The responses from your graph stay internal to your application.

response.errors

Both the GraphOS Router and Apollo Server can report certain error information to GraphOS, but the exact behavior varies:

GraphOS Router

Currently, the GraphOS Router reports only which fields in an operation produced errors. Other error details (such as messages) are masked in reports to GraphOS.

You cannot currently configure the GraphOS Router to report any additional error details.

Apollo Server 4

By default, Apollo Server 4 reports only which fields in an operation produced errors.

You can configure Apollo Server 4 to provide additional error details (such as error messages and extensions). To do so, provide the sendErrors option to Apollo Server's usage reporting plugin.

Apollo Server 2 and 3

ⓘ NOTE

Apollo Server versions 2 and 3 are deprecated.

By default, Apollo Server versions 2 and 3 report all error details to GraphOS, including messages and extensions.

You can use the usage reporting plugin's rewriteError option to filter or transform errors before they're stored in GraphOS. Use this to strip sensitive data from errors or filter "safe" errors from Studio reports.

Query operation strings

The GraphOS Router and Apollo Server both report a normalized string representation of each query operation to GraphOS. By default, this normalization algorithm strips out string literals that are passed as arguments. However, we highly recommend that users do not include sensitive data (such as passwords or personally identifiable information) in operation strings. Instead, include this information in GraphQL variables, which you can send selectively.

ⓘ NOTE

If you enable enhanced operation signature normalization in the router, the operation signature includes the input object shapes while redacting any of the actual values. Learn more.

Operation traces

If you're using the GraphOS Router, your subgraphs can include operation trace data in each of their responses to the router. This data includes timing information for each resolver that contributed to the operation.

To check which subgraph libraries support federated traces, consult the FEDERATED TRACING entry in this table.

You can configure the GraphOS Router to include this trace data in its reports to GraphOS (learn how). By doing so, you can visualize the performance of your operations in GraphOS Studio, broken down by resolver.

If you're using a standalone instance of Apollo Server, you can also configure it to report operation traces to GraphOS.

GraphQL variable values

This section pertains to the values of variables that are included in GraphQL operations. The names of these variables are included in operation strings that are sent to GraphOS.

Apollo Server 2.7.0 and later

In Apollo Server 2.7.0 and later, none of an operation's GraphQL variable values are sent to GraphOS by default.

You can set a value for the usage reporting plugin's sendVariableValues option to specify a different strategy for reporting some or all variable values.

Apollo Server prior to 2.7.0

In versions of Apollo Server 2 prior to 2.7.0, all of an operation's GraphQL variable values are sent to GraphOS by default.

If you're using an earlier version of Apollo Server, it's recommended that you update. If you can't update for whatever reason, you can use the privateVariables reporting option to specify the names of variables that should not be sent to GraphOS. You can also set this option to false to prevent all variables from being sent. This reporting option is deprecated and will not be available in future versions of Apollo Server.

GraphOS Router

By default, the GraphOS Router does not send an operation's GraphQL variable values to GraphOS.

To enable variable value reporting in the GraphOS Router, see this section.

HTTP headers

Regardless of your server configuration, GraphOS never collects the values of the following HTTP headers, even if they're sent:

  • Authorization

  • Cookie

  • Set-Cookie

You can, however, configure reporting options for all other HTTP headers.

ⓘ NOTE

If you perform authorization in a header other than those listed above (such as X-My-API-Key), do not send that header to GraphOS.

Apollo Server 2.7.0 and later

In Apollo Server 2.7.0 and later, none of an operation's HTTP headers is sent to GraphOS by default.

You can set a value for the usage reporting plugin's sendHeaders option to specify a different strategy for reporting some or all your HTTP headers.
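The sendErrors, sendVariableValues and sendHeaders options described in the sections above can be combined in one options object for Apollo Server 4's usage reporting plugin. This is an added example, not code from the Apollo documentation; the redaction patterns, the filtered error code, and the variable and header names are hypothetical choices.

```javascript
// Pass this object to the plugin when constructing the server:
//   import { ApolloServerPluginUsageReporting } from '@apollo/server/plugin/usageReporting';
//   new ApolloServer({ typeDefs, resolvers,
//     plugins: [ApolloServerPluginUsageReporting(usageReportingOptions)] });

// Hypothetical patterns for values that must not appear in reported error messages.
const SECRET_PATTERNS = [
  /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g,     // e-mail addresses
  /\b(?:sk|tok)_[A-Za-z0-9]{8,}\b/g,   // constructed API-token shape
];

// Hypothetical choice: client-input errors are expected noise and are not reported.
const UNREPORTED_CODES = new Set(['BAD_USER_INPUT']);

// sendErrors.transform receives each error before it is reported.
// Returning null drops the error from the report; returning the error reports it.
function scrubError(err) {
  if (UNREPORTED_CODES.has(err.extensions?.code)) return null;
  for (const re of SECRET_PATTERNS) {
    err.message = err.message.replace(re, '[redacted]');
  }
  return err;
}

const usageReportingOptions = {
  // Report error details, but only after scrubbing.
  sendErrors: { transform: scrubError },
  // Allow-list: only these variable values are reported (names are hypothetical).
  sendVariableValues: { onlyNames: ['first', 'after', 'sortOrder'] },
  // Allow-list: a custom credential header such as X-My-API-Key is never
  // reported because it is not named here (names are hypothetical).
  sendHeaders: { onlyNames: ['user-agent', 'x-request-id'] },
};
```

Allow-lists (onlyNames) fail closed: a newly introduced variable or header is not reported until someone adds its name.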

Apollo Server prior to 2.7.0

In versions of Apollo Server 2 prior to 2.7.0, all of an operation's HTTP headers (except the confidential headers listed above) are sent to GraphOS by default.

If you're using an earlier version of Apollo Server, it's recommended that you update. If you can't update for whatever reason, you can use the privateHeaders reporting option to specify the names of headers that should not be sent to GraphOS. You can also set this option to false to prevent all headers from being sent. This reporting option is deprecated and will not be available in future versions of Apollo Server.

GraphOS Router

By default, the GraphOS Router does not send an operation's HTTP header values to GraphOS.

To enable header reporting in the GraphOS Router, see this section.

Other GraphOS Router data

The router collects and reports the following data:

  • The execution command that was run (excluding any identifiable arguments such as file-system paths or profile names)

  • The version of router that was executed

  • The configuration properties that have been referenced, limited to types that could not contain personally identifiable information (for example, certain scalar types, such as a property that is set to true, but not the value of a property if it is a string)

  • A unique, anonymized machine identifier, which is the same for every command run on the same machine

  • A unique, anonymized session identifier, which is different for every command

  • The SHA-256 hash of the directory that router was executed from

  • The SHA-256 hash of the contents of the supergraph schema

  • The operating system router was executed on

  • The CI system router was executed on, if any

Environment information

Starting with v1.59.0, the router collects and reports data about the environment it's deployed in. All environment data is captured using non-intrusive methods, such as inspecting SMBIOS and environment variable names. (Environment variable values are never collected.) Data collection methods don't make external or internal API calls and don't impact router performance.

The following environment data is reported:

  • The operating system of the machine or container the router is running within

  • The architecture, number, and frequency of the CPU(s) the router is running on

  • The cloud provider and platform (if appropriate)

  • If the router has been deployed using the official Helm Chart

  • The amount of memory the router has been deployed to use

  • The launch ID the router is currently using

  • The number of requests made to subgraphs, and their total request and response throughput

  • The number of requests made to the router, and their total request and response throughput


ⓘ NOTE

Request contents are not captured or inspected.

No sensitive data is inspected, stored or captured, including environment variable values. All code that implements this reporting is open source and more details can be found in the router's CHANGELOG.

Data collection is voluntary. You can turn it off by following these instructions.


Where does Apollo store data?

Apollo processes and stores data in the United States. Due to our use of content distribution networks (CDNs), you may receive website resources from a globally distributed endpoint closest to you. However, all data processing and storage occurs in the United States.

Requesting deletion of data

To request the deletion of specific data from your Apollo organization, please email support@apollographql.com with the subject Data deletion request.

In your email, please include the following:

  • A description of the data that needs to be deleted

  • An approximate timestamp of when that data was reported to Apollo

  • The ID of the graph that the data is associated with

ⓘ NOTE

Currently, data deletion is performed across all variants of an affected graph. Per-variant deletion is not available.

You can also request that members of your organization be removed from marketing outreach. To do so, provide the email addresses of those members in your email. However, before doing so, please ensure you have the necessary authorization to submit such requests on behalf of your organization. All data deletion and removal requests will be processed in accordance with applicable legal requirements.

To learn more, go to the Privacy Policy.

Configuring the router to opt out of data collection

You can configure your router to opt out of data collection by setting the APOLLO_TELEMETRY_DISABLED environment variable to true in every environment where you run the router.

Policies and agreements

To learn about other ways that Apollo protects your data, visit our Legal and Privacy page and review our Privacy Policy. If you have a separate written agreement or agreements with Apollo pertaining to your data protection, those separate written agreements apply.