Skip to main content

ApiOptions

@vendure/coreSource

The ApiOptions define how the Vendure GraphQL APIs are exposed, as well as allowing the API layer to be extended with middleware.

Signature

hostname

propertystring
Default:''

Set the hostname of the server. If not set, the server will be available on localhost.

port

propertynumber
Default:3000

Which port the Vendure server should listen on.

adminApiPath

propertystring
Default:'admin-api'

The path to the admin GraphQL API.

shopApiPath

propertystring
Default:'shop-api'

The path to the shop GraphQL API.

adminApiPlayground

propertyboolean | RenderPageOptions
Default:false

The playground config to the admin GraphQL API ApolloServer playground.

shopApiPlayground

propertyboolean | RenderPageOptions
Default:false

The playground config to the shop GraphQL API ApolloServer playground.

adminApiDebug

propertyboolean
Default:false

The debug config to the admin GraphQL API ApolloServer playground.

shopApiDebug

propertyboolean
Default:false

The debug config to the shop GraphQL API ApolloServer playground.

shopListQueryLimit

propertynumber
Default:100

The maximum number of items that may be returned by a query which returns a PaginatedList response. In other words, this is the upper limit of the take input option.

adminListQueryLimit

propertynumber
Default:1000

The maximum number of items that may be returned by a query which returns a PaginatedList response. In other words, this is the upper limit of the take input option.

adminApiValidationRules

propertyArray<(context: ValidationContext) => any>
Default:[]

Custom functions to use as additional validation rules when validating the schema for the admin GraphQL API ApolloServer validation rules.

shopApiValidationRules

propertyArray<(context: ValidationContext) => any>
Default:[]

Custom functions to use as additional validation rules when validating the schema for the shop GraphQL API ApolloServer validation rules.

channelTokenKey

propertystring
Default:'vendure-token'

The name of the property which contains the token of the active channel. This property can be included either in the request header or as a query string.

cors

propertyboolean | CorsOptions
Default:{ origin: true, credentials: true }

Set the CORS handling for the server. See the express CORS docs.

middleware

propertyMiddleware[]
Default:[]

Custom Express or NestJS middleware for the server. More information can be found in the Middleware docs.

trustProxy

propertyTrustProxyOptionsv3.4.0
Default:false

Set the trust proxy configuration for the server. See the express proxy docs.

apolloServerPlugins

propertyApolloServerPlugin[]
Default:[]

Custom ApolloServerPlugins which allow the extension of the Apollo Server, which is the underlying GraphQL server used by Vendure.

Apollo plugins can be used e.g. to perform custom data transformations on incoming operations or outgoing data.

introspection

propertybooleanv1.5.0
Default:true

Controls whether introspection of the GraphQL APIs is enabled. For production, it is recommended to disable introspection, since exposing your entire schema can allow an attacker to trivially learn all operations and much more easily find any potentially exploitable queries.

Note: when introspection is disabled, tooling which relies on it for things like autocompletion will not work.

Example

Ts
Was this chapter helpful?
Report Issue
Edited Feb 25, 2026ยทEdit this page