The WebApi module has an implementation to “mask”
LocalizedExceptions so they aren’t exposed to the client. GraphQL accomplishes this by restricting verbose output to only those exceptions implementing
\GraphQL\Error\ClientAware, and only if the system is in developer mode. In these circumstances, Magento returns a full stack trace. Otherwise, Magento writes these exceptions to the system
exception.log file while returning an “internal server error” to the client.
You should implement the
\GraphQL\Error\ClientAware interface to handle errors in your module that are directly related to a GraphQL field having an anticipated exception. If you don’t, the client will not receive useful messages. However, you should ensure that you don’t implement the
ClientAware interface for too many exceptions. Doing this risks exposing sensitive data to the client.
Magento provides the following exception classes in
||Thrown when an authorization error occurs|
||Thrown when a query contains invalid input|
||Thrown when an expected resource doesn’t exist|