Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/owasp/nest/llms.txt

Use this file to discover all available pages before exploring further.

The GraphQL API is the primary interface between the Next.js frontend and the Django backend. It is built with Strawberry GraphQL and the strawberry-graphql-django integration.

Endpoint

/graphql/

GraphiQL playground

When running with DJANGO_CONFIGURATION=Local, the GraphiQL interactive playground is available at /graphql/. It lets you browse the schema, write queries, and inspect results without any additional tooling.
Introspection is disabled in production environments to avoid schema disclosure. Use the local stack to explore the schema.

Schema structure

The schema is defined in backend/settings/graphql.py and composed from query and mutation classes contributed by each Django app.

Query root

Source classAppDescription
ApiKeyQueriesapiAPI key management queries
GithubQuerygithubGitHub organizations, repositories, issues
MentorshipQuerymentorshipMentorship program queries
ModuleQuerymentorshipMentorship module queries
OwaspQueryowaspProjects, chapters, committees, events, snapshots, sponsors
ProgramQuerymentorshipMentorship program queries

Mutation root

Source classAppDescription
ApiMutationsapiAPI key create/revoke mutations
ModuleMutationmentorshipMentorship module mutations
NestMutationsnestUser-related mutations
ProgramMutationmentorshipMentorship program mutations

Schema extensions

The following extensions are always active:
ExtensionPurpose
QueryDepthLimiter(max_depth=5)Prevents deeply nested query abuse
DjangoOptimizerExtensionAutomatically optimizes Django ORM queries to avoid N+1 issues
DisableIntrospectionEnabled in production to hide the schema

Example queries

List recent projects

query RecentProjects {
  recentProjects(limit: 8) {
    key
    name
    level
    type
    description
  }
}

Search projects by name

query SearchProjects($query: String!) {
  searchProjects(query: $query) {
    key
    name
    level
  }
}
Variables: 
{
  "query": "security"
}

Fetch a single project

query GetProject($key: String!) {
  project(key: $key) {
    key
    name
    level
    type
    description
  }
}
Variables: 
{
  "key": "nest"
}

Frontend integration

The Next.js frontend uses Apollo Client to query the GraphQL API. All frontend queries and mutations are written in .graphql files co-located with their components.
The DjangoOptimizerExtension automatically adds select_related and prefetch_related calls based on the fields requested in each query. You do not need to optimize queries manually in resolvers.

Advanced use

The GraphQL API is primarily designed for internal use by the frontend. It does not use token-based authentication independently — sessions are established via the standard Django login flow. For external integrations and programmatic access, use the REST API instead, which provides stable versioning, API key authentication, and official client SDKs.