# Run a query or mutation

**POST /groups/{groupId}/apps/{appId}/graphql**

Run a query or mutation as a system user that bypasses
authentication and data access rules. You can access metadata
about your API, including its schema, with an
[introspection](https://graphql.org/learn/introspection/) query.


## Servers
- The root API resource and starting point for the App Services API.: https://services.cloud.mongodb.com/api/admin/v3.0 (The root API resource and starting point for the App Services API.)


## Authentication methods
- Token auth


## Parameters

### Path parameters
- **groupId** (string)
  An Atlas [Project/Group
  ID](https://docs.atlas.mongodb.com/tutorial/manage-projects/).
- **appId** (string)
  The ObjectID of your application.
  [The App Services API Project and Application IDs section](#section/Project-and-Application-IDs) demonstrates how to find this
  value.


### Body: application/json (object)

- **query** (string)
  A stringified `.graphql` file that contains one or
  more valid GraphQL operations for your API. If more
  than one operation is defined, you must specify
  which operation to run in `operationName`.
- **variables** (string)
  A stringified JSON object where each field name maps
  a value to a variable in the specified operation.
- **operationName** (string)
  The name of the GraphQL operation specified in
  `query` to run.


## Responses
### 200
OK

#### Body: application/json (object)
- **data** (object | null)
  The result of a successful operation. If `null`, the operation had errors.
- **errors** (array[object])
  A list of errors encountered while running an operation.


[Powered by Bump.sh](https://bump.sh)