Skip to main content
Rockxy detects GraphQL-over-HTTP requests and provides a dedicated inspector tab that parses operations into their query text, variables, and response data — so you do not need to dig through raw JSON bodies manually.
GraphQL inspector view

Automatic Detection

Rockxy’s GraphQLDetector identifies GraphQL requests by checking two conditions:
  1. The request is a POST to an endpoint whose path contains graphql (e.g., /graphql, /api/graphql, /v1/graphql)
  2. The JSON request body contains a query field with a string value
When both conditions are met, Rockxy marks the request as a GraphQL operation and activates the dedicated GraphQL tab in the inspector.
Detection only covers HTTP POST requests. GraphQL over WebSocket (subscriptions via graphql-ws or subscriptions-transport-ws) and GET-based persisted queries are not detected. You can still inspect those payloads manually in the Body or WebSocket tabs.

What Gets Detected

Rockxy’s detection scope is GraphQL-over-HTTP: standard POST requests carrying a GraphQL payload. It does not detect GraphQL sent over WebSocket transports (e.g., graphql-ws subscriptions), custom binary encodings, or GET-based persisted queries. If your API uses a non-standard endpoint path and does not include graphql in the URL, the request will not be detected automatically. You can still inspect the raw JSON body in the Body tab.

Operation Types

TypeDescriptionExample
QueryRead-only data fetch. The most common GraphQL operation.query GetUser { user(id: 1) { name } }
MutationWrite operation that modifies server-side data.mutation CreatePost { createPost(title: "...") { id } }
Rockxy parses the operation keyword from the query text to classify each request. If no keyword is present, the operation defaults to query per the GraphQL specification.

Entry Points

The GraphQL tab activates automatically in the request inspector when a matching request is selected. No manual configuration is needed — detection is passive and always on.

GraphQL Inspector

The GraphQL tab in the request inspector breaks down each operation into structured sections:
GraphQL inspector detail

Operation Name

The named identifier extracted from the query (e.g., GetUser, CreatePost). Anonymous operations show as “Anonymous”. The operation name also appears in the traffic list for quick identification.

Operation Type

Displays whether the operation is a Query, Mutation, or Subscription, with a color-coded badge.

Query Text

The full GraphQL query string with syntax highlighting. Field names, types, arguments, directives, and fragments are color-coded for readability.

Variables

The variables object from the request body, displayed as a collapsible JSON tree. Nested objects and arrays are expandable, and values are type-colored (strings, numbers, booleans, null).

Response Data

The data field from the GraphQL response body, displayed as a collapsible JSON tree. Errors returned in the errors array are highlighted separately with their message, path, and location information.

Operation Grouping

In the traffic list sidebar, GraphQL requests are grouped by their operation name. This makes it easy to find all instances of a specific query or mutation across your session. For example, if your app sends GetUser 15 times and CreatePost 3 times, the sidebar groups them under their respective operation names with request counts — so you can quickly spot which operations are called most frequently and drill into individual executions.

Next Steps

Traffic Capture

Full guide to the traffic list, filters, and inspector tabs

Traffic Rules

Mock GraphQL responses or block specific operations with rules

Request Replay

Re-send GraphQL operations with modified variables