# Example gateway configuration for trusted documents.
[trusted_documents]
# Accept requests that carry only a document id or the persisted query extension;
# regular queries are still accepted as well.
enabled = true # default: false
# While false, requests whose GraphQL document is not among the trusted documents
# uploaded for the client are not rejected; set to true to enforce trusted documents.
enforced = false # default: false
# When both bypass_header_* keys are non-null, a request passing this header may send
# arbitrary GraphQL documents, so the header value acts as a secret. It is interpolated
# from an environment variable here to keep the secret out of this file.
bypass_header_name = "my-header-name" # default: null
bypass_header_value = "my-secret-is-{{ env.SECRET_HEADER_VALUE }}" # default: null
# Level of the message logged when a request carries a document id for which no
# trusted document can be found.
document_id_unknown_log_level = "error" # default: info
# Level of the message logged when a request carries both a query document and a
# document id, and the retrieved trusted document does not match the inline query.
# NOTE(review): "off" presumably suppresses this message entirely; confirm that is intended.
document_id_and_query_mismatch_log_level = "off" # default: info
# Level of the message logged when an inline document arrives without a document id and
# no trusted document has an id matching the sha256 hash of the inline document.
inline_document_unknown_log_level = "warn" # default: info
- `enabled`: Enables or disables handling of trusted documents. Regular queries are still accepted when this is `true`, but in addition, the gateway will accept queries with only a document id or the persisted query extension. Default value is `false`.
- `enforced`: When `true`, the gateway will enforce the usage of trusted documents, that is to say, GraphQL requests that contain a GraphQL document that isn't part of the trusted documents uploaded for the client will be rejected. Default value is `false`.
- `bypass_header_name` and `bypass_header_value`: If both values are not null, the router accepts arbitrary GraphQL documents whenever you pass the configured HTTP header. Because the header value acts as a secret, the value string can contain interpolated environment variables, as in the example above, which avoids including secrets in your gateway configuration file.
- `document_id_unknown_log_level`: Log level of the log message emitted when a document id is present in the request, but the corresponding trusted document cannot be found. Default value is `info`.
- `document_id_and_query_mismatch_log_level`: Log level of the log message emitted when both a query document and a document id are sent, and the retrieved trusted document does not match the inline query document. Default value is `info`.
- `inline_document_unknown_log_level`: Log level of the log message emitted when an inline document (a string in the `"query"` key of the request) is sent without a document id, but no trusted document is found with an id matching the sha256 hash of the inline document. Default value is `info`.
Read more about trusted documents.