
Grafbase

Grafbase is a platform that accelerates the development of GraphQL APIs, offering features like edge caching, unified data access, and seamless integration with popular authentication strategies.

Verdict

Grafbase is a GraphQL platform that manages federated schemas, API keys, and audit logs. In Switchy, @mentioning Grafbase lets your team provision API keys, review schema checks, enable or disable MCP servers, and delete configurations—all from chat. Developers shipping federated graphs get the most value: they can inspect schema changes during code review, rotate keys after a security incident, or audit who touched production configs. Setup requires an API key from your Grafbase dashboard. The MCP exposes 19 tools, but deleting audit logs may not work if Grafbase's API doesn't support it yet.

Common use cases

  • Rotate API keys after a security incident
  • Review schema checks during pull request review
  • Disable MCP servers for maintenance windows
  • Delete stale extension configs from chat
  • Audit who modified production graph settings

Integration

Vendor: Grafbase
Category: developer-tools
Auth: API_KEY
Tools: 19
Composio slug: grafbase

Tools

  • Delete Extension
    destructive

    Tool to delete an extension configuration. Use after confirming the extension_id to remove the extension.

  • Delete Grafbase API Key
    destructive

    Tool to delete an existing API key. Use after confirming the key ID to revoke access.

  • Delete Grafbase Audit Log
    destructive

    Tool to delete a specific Grafbase audit log entry. Note: As of current Grafbase public documentation, there is no documented API to delete audit logs programmatically. This action will attempt a best-effort REST DELETE to `/audit-logs/{id}

  • Delete Grafbase Schema
    destructive

    Tool to delete a Grafbase schema. Use when you need to remove a specific schema from the registry after confirming its ID.

  • Delete MCP Server
    destructive

    Tool to delete a Grafbase MCP server configuration by its unique ID. Use after confirming the server ID to remove an existing MCP server.

  • Delete Schema Check
    destructive

    Tool to delete a Grafbase schema check. Use when you need to remove a specific schema check by its ID after reviewing the registry.

  • Disable MCP server

    Tool to disable the Model Context Protocol server. Use when you need to turn off MCP via API after it has been enabled.

  • Enable Grafbase MCP Server

    Tool to enable the Model Context Protocol (MCP) server for a Grafbase project. Use when you need to activate MCP support; if the API endpoint is not supported, this returns guidance for enabling via configuration.

  • Get Federated Schema

    Tool to retrieve the composed federated graph schema. Use after deploying your federated graph when you need the full SDL.

  • Get Grafbase Audit Log

    Tool to retrieve a specific Grafbase audit log entry. Use after confirming the audit log ID exists.

  • Get Grafbase Schema Check

    Tool to retrieve the result of a schema check by its ID. Use when you need to inspect a specific schema check after running a check via CLI or API.

  • Get Subgraph Schema

    Tool to retrieve the GraphQL SDL of a specific subgraph. Use after confirming the subgraph name to inspect its schema.

  • List API Keys

    Tool to list all API keys for a project. Use after authenticating with a valid token to retrieve the project’s API keys.

  • List Extensions

    Tool to list all extensions configured for a Grafbase project. Use after confirming project access when retrieving configured extensions programmatically.

  • List Grafbase Audit Logs

    Tool to list all audit logs for a project. Use when you need to retrieve historical events (up to 90 days). Note: As of current Grafbase public documentation, there is no documented API to list audit logs programmatically. This action will

  • List Grafbase Schema Checks

    Tool to list all Grafbase schema checks for a project. Use when you need to review past schema validation runs.

  • List Grafbase Schemas

    Tool to list all Grafbase schemas. Use when you need to retrieve all schemas in the registry.

  • List Grafbase Subgraphs

    Tool to list published subgraphs in a branch. Use when you need to retrieve endpoints of all subgraphs for a given branch.

  • List MCP Servers

    Tool to list all MCP servers configured for a project. Use when you need to retrieve existing MCP server configurations.

Setup

Setup guide

  1. In Switchy, open the Space where you want Grafbase available and click the integrations panel.
  2. Search for Grafbase and click Connect.
  3. You'll be prompted to paste an API key—generate one in your Grafbase project settings under API Keys, copying the full token.
  4. Paste the key into Switchy and click Authorize.
  5. Switchy confirms the connection and lists the 19 tools now available.
  6. To test, type '@Grafbase list all API keys for my project' in the Space—if you see a response listing keys or confirming none exist, the integration is live.
  7. From now on, any message starting with '@Grafbase' will invoke the MCP's tools, so your team can manage schemas, keys, and servers without leaving the conversation.

What teammates see: by default, memories from Grafbase are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.


Starter prompts

List All API Keys

@Grafbase list all API keys for my project and show their creation dates and last-used timestamps.

Delete Unused Extension

@Grafbase delete the extension with ID ext_abc123 and confirm it no longer appears in the registry.

Check Recent Schema Changes

@Grafbase show me the five most recent schema checks and highlight any that failed validation.

Enable MCP Server

@Grafbase enable the MCP server for project proj_xyz789 and return the endpoint URL once it's live.

Revoke Compromised Key

@Grafbase delete the API key with ID key_def456 and confirm it can no longer authenticate requests.

Example outputs

Illustrative - representative of the model's voice and quality, not literal recordings.

Prompt

@grafbase list all active API keys for our production graph and show when each was last used

Output

Found 4 active API keys for your production graph:

  1. 'ci-deploy-key' (created 2024-01-15, last used 2 hours ago) - Full access
  2. 'frontend-prod' (created 2024-02-01, last used 12 minutes ago) - Read-only
  3. 'analytics-service' (created 2024-02-10, last used 3 days ago) - Read-only
  4. 'admin-backup' (created 2023-11-20, never used) - Full access

The 'admin-backup' key hasn't been used in over 3 months. Consider rotating or removing unused keys for security.

Notes

This example shows Grafbase's key management capabilities. Requires API_KEY auth with admin scope to list keys across the project. The MCP can surface security hygiene issues like stale credentials, but cannot determine if a key is actually needed—coordinate with your team before revoking access.

Prompt

@grafbase delete the schema check from yesterday's failed CI run, then create a new check for the branch 'feature/user-profiles'

Output

Deleted schema check 'chk_8x2mq9' from the failed CI run (2024-03-14 16:42 UTC). Created new schema check for branch 'feature/user-profiles':

  - Check ID: chk_9p4fn1
  - Status: In progress
  - Comparing against: main branch schema
  - Validating: Breaking changes, composition errors, deprecated field usage

The check will complete in ~30 seconds. You'll receive a webhook notification if breaking changes are detected.

Notes

Demonstrates Grafbase's schema validation workflow for federated graphs. Deleting a check is permanent and removes its history from the registry—useful for cleaning up noise from aborted CI runs. Schema checks run asynchronously; the MCP confirms creation but doesn't wait for results.

Prompt

@grafbase review our audit logs from the past week and summarize any unusual extension or MCP server configuration changes

Output

Reviewed 47 audit log entries from March 8-15, 2024. Key findings:

**Extension changes (3 events):**

  - March 12: 'auth-validator' extension updated by sarah@team.com (config change: added new OAuth provider)
  - March 14: 'rate-limiter' extension deleted by deploy-bot (automated cleanup)

**MCP server changes (2 events):**

  - March 10: MCP server enabled for project 'api-gateway' by admin@team.com
  - March 13: MCP server 'mcp_5x8kl' disabled by system (health check failure)

The automated MCP disable on March 13 is unusual—typically indicates connectivity issues. Check server logs for that timeframe.

Notes

Showcases how the AI can synthesize Grafbase audit data to surface operational anomalies. Note that Grafbase's audit log API may not support programmatic deletion (per tool description), so this is read-only analysis. Useful for post-incident review or compliance reporting, but audit retention policies are set at the account level.

Use-case deep-dives

GraphQL schema governance at 8-dev scale

When Grafbase MCP makes schema checks a team habit

A product team with 8 backend engineers ships 3-5 GraphQL schema changes per week. Without automation, schema reviews happen in PR comments and breaking changes slip through. The Grafbase MCP gives your AI assistant direct access to schema checks, audit logs, and extension configs—so standup conversations shift from 'did anyone review the schema?' to 'Claude, show me failed checks from yesterday and flag the breaking ones.' The MCP's 19 tools cover the full lifecycle: create checks, delete stale schemas, revoke API keys when contractors leave. This works until your schema registry hits 200+ versions or you need custom governance rules—at that threshold, you're writing your own tooling anyway. If your team merges schema changes daily and wants AI-native guardrails, Grafbase MCP turns schema governance into a Slack thread instead of a Jira ticket.

Contractor offboarding for API access

Revoking Grafbase keys without opening the dashboard

A 3-person startup hires contractors for a 6-week build, grants them Grafbase API keys for local dev, then needs to revoke access when the contract ends. The Grafbase MCP's Delete API Key and audit log tools let you handle this in Switchy: 'Claude, list all keys created in the last 60 days, then revoke the ones tagged contractor-Q1.' The AI cross-references audit logs to confirm which keys were actually used, so you're not blindly deleting. This scenario assumes you're already tagging keys at creation—if your key hygiene is messy, the MCP can't infer intent from names like 'test-key-final-v2.' The win is speed: offboarding moves from a 15-minute dashboard hunt to a 90-second AI conversation. If you onboard and offboard external devs more than twice a quarter, this MCP pays for itself in saved context-switching.

MCP server config drift across environments

Keeping staging and prod MCP servers in sync

A 5-engineer team runs Grafbase in staging and production, each with its own MCP server config. After a few sprints, the configs diverge—staging has debug extensions enabled, prod is missing a schema check that staging relies on. The Grafbase MCP's Enable/Disable MCP Server and Delete Extension tools let you audit and reconcile: 'Claude, compare MCP server settings between staging and prod, then disable the debug extension in staging to match prod.' The AI reads both environments' configs, flags the diff, and executes the changes in sequence. This assumes you have API keys scoped per environment and you're comfortable letting the AI write to prod (if not, use Switchy's approval gates). The boundary: if your team ships to more than 3 environments or has complex RBAC, the MCP's flat tool list gets unwieldy—you'll want Terraform or a custom CLI. For 2-3 environments and weekly deploys, this MCP keeps config drift from becoming a post-mortem footnote.

Frequently asked

What does the Grafbase MCP let Switchy do?

It connects your Grafbase GraphQL backend to Switchy so your team can manage schemas, API keys, extensions, and audit logs without leaving the workspace. You can enable or disable MCP servers, delete schema checks, and review configuration changes — all through natural language prompts instead of switching to the Grafbase dashboard.

Do I need admin access to connect Grafbase?

Yes. You'll need a Grafbase API key with permissions to read and modify project resources — schemas, extensions, audit logs, and MCP server settings. If your key only has read access, you'll see data but won't be able to delete keys or disable servers. Generate the key in your Grafbase project settings before connecting.

Can the Grafbase MCP deploy new GraphQL schemas?

No. It can delete existing schemas and schema checks, but it doesn't push new schema definitions or run deployments. For schema changes, use the Grafbase CLI or dashboard. The MCP is for managing what's already deployed — reviewing audit logs, revoking API keys, and cleaning up old configurations.

Why use this instead of the Grafbase CLI?

The CLI is faster for scripted workflows. The MCP is better when your team needs to check "who deleted that API key last week" or "is the MCP server still enabled" without context-switching. You can ask Switchy in plain English and get answers pulled from audit logs and live config, which the CLI doesn't surface conversationally.

Who on the team should connect Grafbase?

Whoever owns your Grafbase project and has the API key. Usually that's a backend lead or DevOps engineer. Once connected, anyone in the Switchy workspace can query schemas or audit logs, but only the person who connected it can revoke the integration. Plan your access accordingly if multiple people need admin control.

Data last verified 607 hours ago. Sources aggregated hourly to weekly. See docs/architecture/model-directory.md.