GraphQL module

Edition DX Core





Maven site




Magnolia GraphQL is available as a public beta. You can install it with with Maven or by placing pre-built JAR files in your webapp. A list of JAR files that you will need to drop into your webapp is below.

We do not anticipate the API changing significantly, so you can start trying it now. Please help us make this feature the best it can be. Report any bugs directly on the MGNLGQL Jira project, or send us bugs, questions, concerns and suggestions via this web form. In particular, if accessing content from the Pages app is an important use case for you, please review this page and give us your input.

The GraphQL module allows you to expose content stored in JCR through GraphQL POST and GET requests. The module provides a GraphQL API, a binding to Magnolia assets and a seamless integration with content types.

Module structure



Parent reactor.


Integrates GraphQL with Magnolia assets.


Provides the API.


Integrates GraphQL with Magnolia content types and JCR.

Installing with Maven

Maven is the easiest way to install the module. Add the following to your bundle:



The module itself does not require any configuration adjustments. It is ready for use once your Magnolia instance is up and running. Registered GraphQL types can be verified using the Definitions app:

GraphQL types in the Definitions app

Disabling specific GraphQL types

If you need to disable a GraphQL schema for a content type, you can do so through definition decoration, for example:



Disabling GraphQL servlet

By default, the GraphQL servlet is enabled. To disable it, set the /server/filters/servlets/GraphQLServlet@enabled property to false.

Changing endpoint name

By default, all GraphQL requests are mapped to /.graphql. You can change this by modifying the pattern property at /server/filters/servlets/GraphQLServlet/mappings/-.graphql--.

Access control

All requests to the GraphQL servlet pass through a filter chain. Make sure that the instance handling GraphQL requests in a production environment has an appropriate assignment of JCR Access Control Lists (ACLs) and Web Access permissions for the GraphQL endpoint and for the JCR workspaces where GraphQL content is stored. For more information, see the Security app.