@amaster507 are you on Slash GraphQL? If so, then we have access logs and can dig into who accessed the instances.
We do have support for authorization rules in GraphQL which help you with these scenarios. See https://graphql.dgraph.io/authorization/ for more details. You’ll still have to block all other endpoints like /query and /mutate. These are disabled by default if you are using Slash GraphQL. Maybe we could also support starting Dgraph in GraphQL-only mode which disables these endpoints by default so that the user doesn’t have to do this.
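
One way to block everything except /graphql on a self-hosted instance, as an added example that is not part of the original post and is not Dgraph's own code: a default-deny gate placed in front of the Dgraph HTTP port. The upstream address, the listen port, the POST-only rule and the `x-auth-token` header name are assumptions of this example.

```python
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

UPSTREAM = "http://127.0.0.1:8080"      # assumed address of the Dgraph HTTP port
ALLOWED = {("POST", "/graphql")}         # assumption: clients only POST to /graphql
FORWARDED = {"content-type", "x-auth-token"}  # x-auth-token: hypothetical JWT header


def is_allowed(method, raw_target):
    """Exact-match allowlist on the raw request target (no decoding, no
    normalisation), so /query, /mutate, '/graphql/../query' and
    '/%67raphql' are all refused simply because they are not '/graphql'."""
    path = raw_target.split("?", 1)[0]
    return (method, path) in ALLOWED


class Gate(BaseHTTPRequestHandler):
    def handle_any(self):
        if not is_allowed(self.command, self.path):
            self.send_error(404)
            return
        try:
            length = int(self.headers.get("Content-Length") or 0)
            if length < 0:
                raise ValueError(length)
        except ValueError:
            self.send_error(400)
            return
        headers = {k: v for k, v in self.headers.items() if k.lower() in FORWARDED}
        # The upstream path is fixed; the client-supplied target is never reused.
        req = urllib.request.Request(UPSTREAM + "/graphql", method="POST",
                                     data=self.rfile.read(length), headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                status, payload = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, payload = err.code, err.read()
        except OSError:  # upstream unreachable or timed out
            self.send_error(502)
            return
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = do_PUT = do_PATCH = do_DELETE = handle_any


if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8000), Gate).serve_forever()
```

The gate only helps if the Dgraph port itself is not reachable from outside, for example by binding it to localhost or firewalling it.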