Metadata API Reference: Network Options (v2.0 and above)
Introduction
Here's the API to modify any Network metadata. One of the options is
to manage a TLS allowlist.
TLS allow list
The TLS allow list represents a set of services that are permitted to use
self-signed certificates - primarily intended for use in development and
staging environments, services can be allowlisted by a host, and
optionally (service id) port.
add_host_to_tls_allowlist
add_host_to_tls_allowlist is used to add any string
This API could be supplied with just the hostname in the args field of
the request instead of the complete object.
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "add_host_to_tls_allowlist",
"args": {
"host": "graphql.hasura.io",
"suffix": "4183",
"permissions": ["self-signed"]
}
}
Args syntax
| Key | Required | Schema | Description |
|---|---|---|---|
| host | true | String | the hostname/domain of the endpoint |
| suffix | false | String | suffix for the service (this is usually reserved for the service port number) |
| permissions | false | [String] | Can be only ["self-signed"] until more permissions are supported. "self-signed" allows self-signed, name mismatches, and non-X509.V3 certificates. |
drop_host_from_tls_allowlist
drop_host_from_tls_allowlist is used to drop an endpoint from the TLS allow list.
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "drop_host_from_tls_allowlist",
"args": {
"host": "graphql.hasura.io",
"suffix": "4183"
}
}
Args syntax
| Key | Required | Schema | Description |
|---|---|---|---|
| host | true | String | the hostname/domain of the endpoint that was previously added to the allow list |
| suffix | false | String | suffix for the service (this is usually reserved for the service port number) |
