GraphQL is designed to offer a more flexible, self-serve developer experience, but its open-ended approach often raises questions about its security model. To deliver performance and security at all times, API platform teams should have the means to eliminate exposure to the potential performance impacts of excessively complex queries. Apollo is introducing a new approach for preventing unbounded access to GraphQL APIs: GraphOS persisted query safelisting. This allows API teams to prevent service degradation from complex queries by centrally safelisting known operations in Apollo Router. GraphOS offers varying levels of safelist restrictions that enable incremental adoption and flexibility in development environments without sacrificing security in production. Persisted query safelisting is available in preview today for Apollo customers on the GraphOS Enterprise plan, and teams can configure safelisting to maximize security and performance. Safelisting known operations in your router contributes yet another layer to your defense-in-depth strategy for your API platform, and combining it with additional checks such as governing operation shape and limiting scope of access can further enhance security.