GraphQL APIs have become essential tools for developers to enhance their applications, but they also invite malicious actors like bots to exploit them through data scraping, spamming, and custom queries. To strike a balance between security and utility, companies need to implement measures to block abusive bots from consuming their GraphQL API while allowing legitimate ones like search engines to scrape their websites. Apollo GraphOS provides an all-in-one solution to build, monitor, and secure GraphQL APIs, including built-in runtime security features that can help protect travel data from malicious bots. By extracting operations from known clients in advance and registering them with Persisted Queries Safelisting, companies can limit the execution of random requests while still allowing developers to craft unique operations. Additionally, using Apollo Router features like Operation Limits and Traffic Shaping allows companies to control the request rate per client and protect their API from scraping attacks.