MySQL
Rubrik provides API-driven backup and recovery for self-managed MySQL databases running on physical and virtual hosts. Protection is applied at the instance level — a running mysqld process on a host — and the individual databases inside that instance are discovered automatically and inherit the instance's protection. This guide covers the full workflow: discovering instances, assigning protection, taking on-demand backups, recovering with point-in-time live mounts and automated restores, and registering instances.
Naming is not consistent — copy names verbatim
The MySQL API surface mixes two spellings across operation and type names. Most operations use a mysql* prefix (mysqlInstances, addMysqlInstance, patchMysqlInstance, pitRestoreMysqlInstance), while some mutations use mysqldb* (createOnDemandMysqldbInstanceSnapshot, createAutomatedRestoreMysqldbInstance, deleteMysqldbInstanceLiveMount). Every input and object type is uniformly Mysqldb* — for example, the mysqlInstance query returns a MysqldbInstance, and addMysqlInstance takes an AddMysqldbInstanceInput. Copy every name exactly as written.
Prerequisites
Before protecting MySQL instances through the API:
-
Register your MySQL host and instance — A MySQL instance must be registered with a Rubrik cluster before it can be protected. See Set Up a MySQL Instance at the bottom of this guide. The host running MySQL must already be added to your Rubrik cluster — see Hosts. After registration, databases are discovered automatically.
-
Locate your SLA Domain — See SLA Domains to retrieve the UUID of the SLA policy you want to apply. You'll need this when assigning protection.
-
Obtain an access token — See Authentication for the OAuth2 client credentials flow used in all API calls.
Object Model
The MySQL hierarchy in RSC is:
MySQL Instance → Database
A MySQL Instance is a running mysqld process on a host. Protection is configured at this level — it is the snappable. The databases within the instance are discovered automatically and inherit the instance's effective SLA Domain; you do not assign SLAs to individual databases. Backups and restores are likewise driven from the instance.
Discover Your Environment
MySQL Instances
List your registered instances to confirm discovery completed and to retrieve instance FIDs. The id field returned here is the FID you pass to backup, recovery, and lifecycle operations. Results are paginated — see Pagination.
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="query { mysqlInstances( filter: [ {field: IS_RELIC, texts: \\\"false\\\"} {field: IS_REPLICATED, texts: \\\"false\\\"} ] ) { nodes { id name objectType effectiveSlaDomain { id name } cluster { id name } status { status } metadata { version lastSuccessfulRefreshTime } numWorkloadDescendants } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Databases
Query the databases discovered inside your instances. Each database reports the effectiveSlaDomain it inherits from its parent instance, so this is the view to use when confirming that protection has propagated.
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="query { mysqlDatabases( filter: [ {field: IS_RELIC, texts: \\\"false\\\"} {field: IS_REPLICATED, texts: \\\"false\\\"} ] ) { nodes { id name objectType effectiveSlaDomain { id name } logicalPath { name objectType } } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Configure Protection
Assign an SLA Domain
Use the assignSla mutation to assign an SLA Domain to a MySQL instance. Every database in the instance inherits it. See SLA Domains for the full walkthrough.
Log backup frequency and retention are required
MySQL point-in-time recovery depends on binary log backups. The SLA Domain you assign to a MySQL instance must define both a log backup frequency and a log retention — assigning an SLA that leaves either unset is rejected. Set them to cover the recovery window you need between full snapshots. See SLA Domains for how these are configured.
On-Demand Backup
Trigger an immediate backup of an instance outside its scheduled SLA policy with createOnDemandMysqldbInstanceSnapshot. The id is the instance FID. The optional config.baseOnDemandSnapshotConfig.slaId controls the retention applied to this snapshot — omit config entirely to use the instance's effective SLA.
Set config.snapshotType to choose what kind of backup to take:
snapshotType |
What it captures |
|---|---|
MYSQLDB_ON_DEMAND_SNAPSHOT_CONFIG_SNAPSHOT_TYPE_FULL |
A complete backup of the instance's data |
MYSQLDB_ON_DEMAND_SNAPSHOT_CONFIG_SNAPSHOT_TYPE_LOG |
A backup of the binary logs only |
Only FULL and LOG snapshots are supported
The MysqldbOnDemandSnapshotConfigSnapshotType enum also defines an INCREMENTAL value, but incremental on-demand snapshots are disabled for MySQL. Use only FULL or LOG.
The mutation returns an AsyncRequestStatus — see Monitor Jobs to track it to completion.
mutation {
createOnDemandMysqldbInstanceSnapshot(input: {
id: "f1e2d3c4-b5a6-7890-1234-567890abcdef"
config: {
baseOnDemandSnapshotConfig: {
slaId: "9f706c3c-4678-44e5-99fe-50ebde6b308e"
}
snapshotType: MYSQLDB_ON_DEMAND_SNAPSHOT_CONFIG_SNAPSHOT_TYPE_FULL
}
userNote: "Pre-migration backup"
}) {
id
status
}
}
# No toolkit cmdlet available for MySQL — use the generic New-RscMutation
$mutation = New-RscMutation -GqlMutation createOnDemandMysqldbInstanceSnapshot
$mutation.Var.input = @{
id = "f1e2d3c4-b5a6-7890-1234-567890abcdef"
config = @{
baseOnDemandSnapshotConfig = @{ slaId = "9f706c3c-4678-44e5-99fe-50ebde6b308e" }
snapshotType = "MYSQLDB_ON_DEMAND_SNAPSHOT_CONFIG_SNAPSHOT_TYPE_FULL"
}
userNote = "Pre-migration backup"
}
$mutation.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { createOnDemandMysqldbInstanceSnapshot(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" config: { baseOnDemandSnapshotConfig: { slaId: \\\"9f706c3c-4678-44e5-99fe-50ebde6b308e\\\" } snapshotType: MYSQLDB_ON_DEMAND_SNAPSHOT_CONFIG_SNAPSHOT_TYPE_FULL } userNote: \\\"Pre-migration backup\\\" }) { id status } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Recovery
MySQL offers two recovery operations. Both recover to a point in time rather than to a snapshot ID:
| Operation | What it does | Use when |
|---|---|---|
pitRestoreMysqlInstance |
Exports data and binary logs to a target host and rolls forward to a timestamp — this is how a MySQL live mount is created (v9.4+) | Quick validation, dev/test access, or recovering to a moment between snapshots |
createAutomatedRestoreMysqldbInstance |
Full automated recovery into an existing target MySQL instance, with database renaming and scope selection (v9.5+) | Production restores where Rubrik orchestrates the complete recovery into a running instance |
Recovery timestamps use ISO 8601 format (2025-01-15T14:30:00.000Z).
Point-in-Time Recovery (Live Mount)
pitRestoreMysqlInstance (v9.4+) exports the instance's data and replays binary logs to roll forward to a precise time on one or more target hosts. There is no separate create-live-mount mutation — this operation is how MySQL live mounts are created. The exported instance then appears in mysqlInstanceLiveMounts and is torn down with deleteMysqldbInstanceLiveMount (see Manage Live Mounts).
Fields in mysqldbInstancePitRestoreConfig.pitRestoreInfo:
hostRecoveryTargets(required) — the target host(s) to recover onto, each identified byhostId. The list must be non-empty; there is no in-place point-in-time recovery.recoveryTime(optional) — the timestamp to roll forward to; omit it to recover to the latest available point.recoveryName(optional) — a name for the recovered instance.
The mutation returns a PitRestoreMysqldbInstanceResponse. Capture its id to identify the new live mount, and asyncRequestStatus.id to monitor the job.
mutation {
pitRestoreMysqlInstance(input: {
id: "f1e2d3c4-b5a6-7890-1234-567890abcdef"
mysqldbInstancePitRestoreConfig: {
pitRestoreInfo: {
recoveryTime: "2025-01-15T14:30:00.000Z"
hostRecoveryTargets: [
{
hostId: "b2c3d4e5-f6a7-8901-bcde-f12345678901"
}
]
}
}
}) {
id
asyncRequestStatus {
id
status
}
}
}
# No toolkit cmdlet available for MySQL — use the generic New-RscMutation
$mutation = New-RscMutation -GqlMutation pitRestoreMysqlInstance
$mutation.Var.input = @{
id = "f1e2d3c4-b5a6-7890-1234-567890abcdef"
mysqldbInstancePitRestoreConfig = @{
pitRestoreInfo = @{
recoveryTime = "2025-01-15T14:30:00.000Z"
hostRecoveryTargets = @(
@{ hostId = "b2c3d4e5-f6a7-8901-bcde-f12345678901" }
)
}
}
}
$mutation.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { pitRestoreMysqlInstance(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" mysqldbInstancePitRestoreConfig: { pitRestoreInfo: { recoveryTime: \\\"2025-01-15T14:30:00.000Z\\\" hostRecoveryTargets: [ { hostId: \\\"b2c3d4e5-f6a7-8901-bcde-f12345678901\\\" } ] } } }) { id asyncRequestStatus { id status } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Automated Restore
createAutomatedRestoreMysqldbInstance (v9.5+) performs a full automated recovery into an existing target MySQL instance. It is richer than point-in-time recovery: it supports renaming the recovered databases, selecting instance-level versus database-level scope, and managing the target's configuration file.
Required fields in restoreConfig:
targetMysqldbInstanceId(required) — the FID of the target instance to restore intorestoreInfo.restoreName(required) — a name for the restore operationrestoreInfo.restoreEntities(required) — the databases to restorerestoreInfo.locationMap(required) — for each snapshot, the backuplocationIdandsnapshotIdto restore fromrestoreInfo.restoreTime(optional) — the point in time to recover to
The mutation returns a CreateAutomatedRestoreMysqldbInstanceReply; track asyncRequestStatus.id to monitor progress.
mutation {
createAutomatedRestoreMysqldbInstance(input: {
id: "f1e2d3c4-b5a6-7890-1234-567890abcdef"
restoreConfig: {
targetMysqldbInstanceId: "0a1b2c3d-4e5f-6789-0abc-def123456789"
restoreInfo: {
restoreName: "payments-restore"
restoreEntities: ["payments", "orders"]
restoreTime: "2025-01-15T14:30:00.000Z"
locationMap: [
{
locationId: "c3d4e5f6-a7b8-9012-cdef-123456789012"
snapshotId: "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
]
}
}
}) {
id
asyncRequestStatus {
id
status
}
}
}
# No toolkit cmdlet available for MySQL — use the generic New-RscMutation
$mutation = New-RscMutation -GqlMutation createAutomatedRestoreMysqldbInstance
$mutation.Var.input = @{
id = "f1e2d3c4-b5a6-7890-1234-567890abcdef"
restoreConfig = @{
targetMysqldbInstanceId = "0a1b2c3d-4e5f-6789-0abc-def123456789"
restoreInfo = @{
restoreName = "payments-restore"
restoreEntities = @("payments", "orders")
restoreTime = "2025-01-15T14:30:00.000Z"
locationMap = @(
@{
locationId = "c3d4e5f6-a7b8-9012-cdef-123456789012"
snapshotId = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
)
}
}
}
$mutation.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { createAutomatedRestoreMysqldbInstance(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" restoreConfig: { targetMysqldbInstanceId: \\\"0a1b2c3d-4e5f-6789-0abc-def123456789\\\" restoreInfo: { restoreName: \\\"payments-restore\\\" restoreEntities: [\\\"payments\\\", \\\"orders\\\"] restoreTime: \\\"2025-01-15T14:30:00.000Z\\\" locationMap: [ { locationId: \\\"c3d4e5f6-a7b8-9012-cdef-123456789012\\\" snapshotId: \\\"a1b2c3d4-e5f6-7890-abcd-ef1234567890\\\" } ] } } }) { id asyncRequestStatus { id status } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Manage Live Mounts
A live mount created by pitRestoreMysqlInstance stays active until you delete it, consuming resources on the target host. List active mounts with mysqlInstanceLiveMounts, then tear one down with deleteMysqldbInstanceLiveMount.
The id passed to deleteMysqldbInstanceLiveMount is the live mount id from mysqlInstanceLiveMounts — not the source instance FID and not the async request id returned when the mount was created.
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="query { mysqlInstanceLiveMounts { nodes { id name workloadId workloadName hostMountPath mountCreateTime pointInTime mountedHost { id name } } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Delete a live mount when finished:
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { deleteMysqldbInstanceLiveMount(input: { id: \\\"d4e5f6a7-b8c9-0123-def1-234567890123\\\" }) { id status } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Monitor Jobs
All backup and recovery operations are asynchronous and return a request id. MySQL does not have a dedicated per-workload async-status query — use the generic jobInfo query instead.
Pass the request id as requestId, set type to MYSQLDB_INSTANCE, and provide the instance FID under additionalInfo.mysqldbInstanceInfo.mysqldbInstanceFid. Unlike Oracle, Nutanix, SQL Server, and filesets, MySQL job lookups do not require a clusterUuid. The returned JobInfo status is one of SUCCESS, FAILURE, IN_PROGRESS, or UNSPECIFIED.
Role requirement
The jobInfo query requires the Administrator or Owner role. A service account scoped to narrower MySQL permissions can run backups and restores but cannot poll job status through this query.
# No toolkit cmdlet available for MySQL — use the generic New-RscQuery
# jobInfo requires Administrator or Owner role
$query = New-RscQuery -GqlQuery jobInfo
$query.Var.input = @{
requestId = "MYSQLDB_INSTANCE_RESTORE_f1e2d3c4-b5a6-7890-1234-567890abcdef_00000000-0000-0000-0000-000000000000:::0"
type = "MYSQLDB_INSTANCE"
additionalInfo = @{
mysqldbInstanceInfo = @{
mysqldbInstanceFid = "f1e2d3c4-b5a6-7890-1234-567890abcdef"
}
}
}
$query.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="query { jobInfo(input: { requestId: \\\"MYSQLDB_INSTANCE_RESTORE_f1e2d3c4-b5a6-7890-1234-567890abcdef_00000000-0000-0000-0000-000000000000:::0\\\" type: MYSQLDB_INSTANCE additionalInfo: { mysqldbInstanceInfo: { mysqldbInstanceFid: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" } } }) { status } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Set Up a MySQL Instance
Register an Instance
Register a MySQL instance with Rubrik using addMysqlInstance. The host running MySQL must already be added to your Rubrik cluster — see Hosts. After registration, Rubrik discovers the databases automatically.
Required fields:
clusterUuid— the Rubrik CDM cluster UUID that will manage this instancemysqldbInstanceConfig.discoveryInfo— theentityInfo.namefor the instance and thehostInfolist (each entry needs ahostId;portNumberis the portmysqldlistens on)
If connectionInfo is provided, its username, password, and systemUsername are all required. It also accepts an authenticationType (MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED or MYSQLDB_AUTHENTICATION_TYPE_SOCKET_BASED), a bindIpAddress, a socketFilePath, and an sslConfig for the certificate, key, and CA file paths.
mutation {
addMysqlInstance(input: {
clusterUuid: "8417a938-96f5-43c6-9905-b36e051c5f98"
mysqldbInstanceConfig: {
discoveryInfo: {
entityInfo: {
name: "prod-mysql-01"
}
hostInfo: [
{
hostId: "b2c3d4e5-f6a7-8901-bcde-f12345678901"
portNumber: 3306
}
]
}
connectionInfo: {
username: "rubrik_backup"
password: "REPLACE_WITH_PASSWORD"
systemUsername: "mysql"
authenticationType: MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED
}
}
}) {
id
asyncRequestStatus {
id
status
}
}
}
# No toolkit cmdlet available for MySQL — use the generic New-RscMutation
$mutation = New-RscMutation -GqlMutation addMysqlInstance
$mutation.Var.input = @{
clusterUuid = "8417a938-96f5-43c6-9905-b36e051c5f98"
mysqldbInstanceConfig = @{
discoveryInfo = @{
entityInfo = @{ name = "prod-mysql-01" }
hostInfo = @(
@{
hostId = "b2c3d4e5-f6a7-8901-bcde-f12345678901"
portNumber = 3306
}
)
}
connectionInfo = @{
username = "rubrik_backup"
password = "REPLACE_WITH_PASSWORD"
systemUsername = "mysql"
authenticationType = "MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED"
}
}
}
$mutation.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { addMysqlInstance(input: { clusterUuid: \\\"8417a938-96f5-43c6-9905-b36e051c5f98\\\" mysqldbInstanceConfig: { discoveryInfo: { entityInfo: { name: \\\"prod-mysql-01\\\" } hostInfo: [ { hostId: \\\"b2c3d4e5-f6a7-8901-bcde-f12345678901\\\" portNumber: 3306 } ] } connectionInfo: { username: \\\"rubrik_backup\\\" password: \\\"REPLACE_WITH_PASSWORD\\\" systemUsername: \\\"mysql\\\" authenticationType: MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED } } }) { id asyncRequestStatus { id status } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Update Instance Configuration
After rotating credentials or changing host details, update the instance's configuration with patchMysqlInstance. Its input mirrors addMysqlInstance — supply the instance id along with the updated mysqldbInstanceConfig. The most common use is rotating the credentials in connectionInfo.
mutation {
patchMysqlInstance(input: {
id: "f1e2d3c4-b5a6-7890-1234-567890abcdef"
mysqldbInstanceConfig: {
discoveryInfo: {
entityInfo: {
name: "prod-mysql-01"
}
hostInfo: [
{
hostId: "b2c3d4e5-f6a7-8901-bcde-f12345678901"
portNumber: 3306
}
]
}
connectionInfo: {
username: "rubrik_backup"
password: "REPLACE_WITH_ROTATED_PASSWORD"
systemUsername: "mysql"
authenticationType: MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED
}
}
userNote: "Rotate backup credentials"
}) {
asyncRequestStatus {
id
status
}
}
}
# No toolkit cmdlet available for MySQL — use the generic New-RscMutation
$mutation = New-RscMutation -GqlMutation patchMysqlInstance
$mutation.Var.input = @{
id = "f1e2d3c4-b5a6-7890-1234-567890abcdef"
mysqldbInstanceConfig = @{
discoveryInfo = @{
entityInfo = @{ name = "prod-mysql-01" }
hostInfo = @(
@{
hostId = "b2c3d4e5-f6a7-8901-bcde-f12345678901"
portNumber = 3306
}
)
}
connectionInfo = @{
username = "rubrik_backup"
password = "REPLACE_WITH_ROTATED_PASSWORD"
systemUsername = "mysql"
authenticationType = "MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED"
}
}
userNote = "Rotate backup credentials"
}
$mutation.Invoke()
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { patchMysqlInstance(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" mysqldbInstanceConfig: { discoveryInfo: { entityInfo: { name: \\\"prod-mysql-01\\\" } hostInfo: [ { hostId: \\\"b2c3d4e5-f6a7-8901-bcde-f12345678901\\\" portNumber: 3306 } ] } connectionInfo: { username: \\\"rubrik_backup\\\" password: \\\"REPLACE_WITH_ROTATED_PASSWORD\\\" systemUsername: \\\"mysql\\\" authenticationType: MYSQLDB_AUTHENTICATION_TYPE_TCP_BASED } } userNote: \\\"Rotate backup credentials\\\" }) { asyncRequestStatus { id status } } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Refresh an Instance
After schema changes — such as creating or dropping databases — re-discover the instance's contents with refreshMysqlInstance.
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { refreshMysqlInstance(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" }) { id status } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql
Delete an Instance
Remove a MySQL instance from Rubrik protection with deleteMysqlInstance.
#!/bin/bash
# RSC_TOKEN="YOUR_RSC_ACCESS_TOKEN"
query="mutation { deleteMysqlInstance(input: { id: \\\"f1e2d3c4-b5a6-7890-1234-567890abcdef\\\" userNote: \\\"Decommissioning instance\\\" }) { id status } }"
# Execute the GraphQL query with curl
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $RSC_TOKEN" \
-d "{\"query\": \"$query\"}" \
https://example.my.rubrik.com/api/graphql