Editorial Endpoint Configuration
While the GCA primarily uses a "code as configuration" approach where developers define schema settings in Java, Brightspot also supports creating and configuring GCA endpoints entirely through the CMS user interface. Editorial endpoints expose the same engine and nearly the same configuration surface as code-based endpoints—exposed content types, view models, mutations, security, and more—without code changes or deployments.
When to use editorial vs. code-based configuration
| Choose editorial when... | Choose code when... |
|---|---|
| Content administrators need to create API endpoints on demand. | The endpoint is part of your application's contract and belongs in version control. |
| You want rapid iteration without deployments. | You need custom logic—suppliers, filters, naming functions—beyond what UI selections express. |
| Endpoint management is delegated to non-developers. | You want code review and repeatable environments for API changes. |
The two approaches share everything below the surface: an editorial endpoint simply builds the same GCASchemaSettings object from values entered in the UI. Several editorial fields accept pluggable setting objects (e.g. site suppliers, field filters) whose concrete options are implemented in code and then selected editorially—a useful middle ground where developers define the vocabulary and editors compose it.
Creating an endpoint
- In the CMS, go to Admin → APIs.
- Create a new GraphQL Content API item.
- Fill in the top-level fields:
| Field | Description |
|---|---|
| Name | Display name, e.g. "Production Content API". |
| Path | The endpoint URL path. Defaults to /graphql/content/{name} if left blank. |
| Schema Settings | The embedded schema configuration—see below. |
| API Access | Who may call the endpoint (API keys, implicit access). See Security. |
| CORS Configuration | Allowed origins and headers for browser clients. |
| Persisted Query Protocol | Enable persisted queries. |
- Publish. The endpoint is live immediately at the configured path, and visible in the GraphQL Explorer's endpoint picker.
Schema settings, tab by tab
The embedded Schema Settings form groups options into clusters that mirror the Java settings reference—each UI field maps to a builder method.
Main
- Read/Write Content Types — types exposed with mutations (
mutableEntryTypes). - Read-only Content Types — types exposed for Get/Query only (
readonlyEntryTypes). - Entry Views — content-backed view model classes (
entryViewClasses).
Database Queries
- Allow Database Queries — the master switch. Turning it off is equivalent to
onlyAllowUniqueIndexLookups(): callers can fetch single items but not run arbitrary queries. - Default / Maximum Query Limit, Maximum Query Timeout — pagination and timeout bounds.
- Group-By Queries, Query Field Execution, Visibility filtering — the remaining query toggles, shown when database queries are enabled.
Content Edit
- Site — a pluggable
SiteSupplierSettingcontrolling site scoping for reads and writes. - Tool User — a pluggable
ToolUserSupplierSettingcontrolling save attribution. - Content Action Types — which write actions (Save, Publish, Archive, Restore, Delete, Workflow) the endpoint exposes.
- Revisions / Previews / Overlays / Derivations — the editorial Get features.
- Allow Raw State Access — adds
_rawto record types.
View System
- Query / Mutation Endpoint View Models — standalone view models per operation type.
- Theme — a pluggable
ThemeSupplierSettingfor strongly-typed theme/style fields. - Include Model On Views, Allow Raw View Access, Exclude Type Names From Raw View, Disallow All State Access — view exposure controls, including full CDA mode.
Static Methods
- Query / Mutation Static Methods — pluggable suppliers mapping Java methods (with optional aliases) into the Execute operation.
Naming and Filters
- Content Type / View Interface Name Settings — custom naming functions.
- Field Filter, Reference Type Filter, Rich Text Element Type Filter — pluggable filter settings restricting what the schema exposes.
Security
- Allow Introspection Queries — GraphQL
__schemaintrospection (off in production by default). - Query Timeout, Maximum Query Depth — execution limits.
- Static / Dynamic Query Complexity Managers, Default / Embedded / Reference Field Complexity — query complexity budgets.
Documentation
- Schema Locale — locale used for generated schema documentation.
- Docs Search / Javadocs Provider — external documentation links embedded in the schema.
Debug
- Verbose Client Errors, Include Debug Directives, Profile Schema Load, and SDL output toggles (exclude directives/definitions/comments).
Advanced
The long tail of schema-shape toggles: Type System Introspection, Type-Specific Entry Fields, Abstract Subtypes In Query Entry Fields, Only Explicit Entry Fields, Queries On Singleton Entry Fields, Inline Modification Fields, Disallow Null Collection Items, Implicit View Entry Fields, and View Field-Specific Type Parameters—each documented in the settings reference.
Extending the editorial vocabulary
The pluggable settings (site suppliers, tool user suppliers, theme suppliers, field filters, complexity managers, static method suppliers) are abstract embedded types. To offer editors a new option, implement the corresponding abstract class in your project—for example a FieldFilterSetting subclass that hides fields by naming convention—and it automatically appears as a choice in the UI. This keeps custom logic in reviewed code while leaving composition to editors.
Next steps
- GCA Schema Settings Reference — what every option does, in depth
- Security — API access, keys, and CORS
- GraphQL Explorer — test your editorial endpoint immediately