
Unhandled Errors in GraphQL Endpoint

Updated: October 30, 2025

Description

The GraphQL endpoint does not handle exception errors.

Remediation

Ensure the GraphQL API properly handles errors.
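
One way to apply this remediation, shown as an added example that is not FireTail's code and is not tied to any GraphQL library: a wrapper catches every resolver exception, logs the details on the server, and returns a response in the GraphQL `data`/`errors` shape. The names `execute_field`, `UserInputError` and `get_user`, the error codes and the `errorId` field are assumptions made for illustration.

```python
import logging
import uuid

log = logging.getLogger("graphql.errors")


class UserInputError(Exception):
    """Hypothetical error type whose message is safe to return to clients."""


def execute_field(field, resolver, **args):
    """Run one resolver; always return a spec-shaped GraphQL response dict."""
    try:
        return {"data": {field: resolver(**args)}}
    except UserInputError as exc:
        # Expected client mistake: the message was written for the client.
        return _error(field, str(exc), "BAD_USER_INPUT")
    except Exception:
        # Unexpected failure: keep the details in the server log and give the
        # client only a generic message plus an ID to quote to support.
        error_id = uuid.uuid4().hex
        log.exception("resolver %r failed, error_id=%s", field, error_id)
        return _error(field, "Internal server error",
                      "INTERNAL_SERVER_ERROR", errorId=error_id)


def _error(field, message, code, **extra):
    return {
        "data": {field: None},
        "errors": [{
            "message": message,
            "path": [field],
            "extensions": {"code": code, **extra},
        }],
    }


# Constructed resolver standing in for real application code.
def get_user(id):
    if not id.isdigit():
        raise UserInputError("id must be numeric")
    if id == "0":
        # Simulates a backend fault whose text must not reach the client.
        raise RuntimeError("connection to db-internal:5432 refused")
    return {"id": id, "name": "alice"}


if __name__ == "__main__":
    for value in ("42", "abc", "0"):
        print(execute_field("user", get_user, id=value))
```

The `errorId` returned to the client matches the one written to the server log, so a failing request can be traced without exposing the exception text.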
