What is persisted queries in GraphQL?

Persisted queries are a performance and security optimization where query strings are stored on the server and clients send only a hash instead of the full query text. Instead of sending { "query": "{ users { id name email ... } }" }, the client sends { "extensions": { "persistedQuery": { "version": 1, "sha256Hash": "abc123..." } } }. Benefits: (1) Smaller requests — just a hash instead of potentially kilobytes of query text. (2) Better caching — queries can be GET-requested and cached by CDNs. (3) Security — with Automatic Persisted Queries (APQ) or whitelisting, only pre-approved queries can execute, blocking arbitrary query attacks. Apollo Server supports APQ out of the box. Trusted document queries (previously called safelisted/whitelisted queries) only allow pre-registered operations — maximum security for production.