Version: v2.x

Metadata API Reference: Network Options (v2.0 and above)

Introduction

This API modifies Network metadata. One of its options is managing a TLS allowlist.

TLS allow list

The TLS allow list represents a set of services that are permitted to use self-signed certificates. It is primarily intended for use in development and staging environments. Services can be allowlisted by host and, optionally, by service id (port).

add_host_to_tls_allowlist

add_host_to_tls_allowlist is used to add any string

This API could be supplied with just the hostname in the args field of the request instead of the complete object.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "add_host_to_tls_allowlist",
    "args": {
        "host": "graphql.hasura.io",
        "suffix": "4183",
        "permissions": ["self-signed"]
    }
}

Args syntax

| Key | Required | Schema | Description |
|---|---|---|---|
| host | true | String | the hostname/domain of the endpoint |
| suffix | false | String | suffix for the service (this is usually reserved for the service port number) |
| permissions | false | [String] | Can be only ["self-signed"] until more permissions are supported. "self-signed" allows self-signed, name mismatches, and non-X509.V3 certificates. |

drop_host_from_tls_allowlist

drop_host_from_tls_allowlist is used to drop an endpoint from the TLS allow list.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "drop_host_from_tls_allowlist",
    "args": {
        "host": "graphql.hasura.io",
        "suffix": "4183"
    }
}

Args syntax

| Key | Required | Schema | Description |
|---|---|---|---|
| host | true | String | the hostname/domain of the endpoint that was previously added to the allow list |
| suffix | false | String | suffix for the service (this is usually reserved for the service port number) |
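
Because an allowlisted host is accepted with self-signed, name-mismatched, and non-X509.V3 certificates, it helps to validate entries before sending them and to review what is already listed. The following is an added example, not code from the Hasura project: it checks args against the two Args tables above, builds the add and drop request bodies (including the bare-hostname shorthand), and flags entries for review. The function names, the `environment` label, the finding texts, and the sample hosts are assumptions made for illustration.

```python
ALLOWED_PERMISSIONS = {"self-signed"}  # the only value the Args table lists


def normalize_entry(args):
    """Accept the bare-hostname shorthand or the full object; return a checked dict."""
    entry = {"host": args} if isinstance(args, str) else dict(args)
    host = entry.get("host")
    if not isinstance(host, str) or not host.strip():
        raise ValueError("host is required and must be a non-empty string")
    suffix = entry.get("suffix")
    if suffix is not None and not isinstance(suffix, str):
        raise ValueError('suffix must be a string, e.g. "4183"')
    unknown = set(entry.get("permissions") or []) - ALLOWED_PERMISSIONS
    if unknown:
        raise ValueError(f"unsupported permissions: {sorted(unknown)}")
    return entry


def build_request(action, args):
    """Build the JSON body for the add or drop call shown on this page."""
    if action not in ("add", "drop"):
        raise ValueError("action must be 'add' or 'drop'")
    entry = normalize_entry(args)
    if action == "add":
        return {"type": "add_host_to_tls_allowlist", "args": entry}
    # The drop Args table lists only host and suffix.
    body = {k: entry[k] for k in ("host", "suffix") if k in entry}
    return {"type": "drop_host_from_tls_allowlist", "args": body}


def audit_allowlist(entries, environment):
    """Return (host, finding) pairs; 'environment' is a hypothetical deployment label."""
    findings = []
    for raw in entries:
        e = normalize_entry(raw)
        if environment == "production":
            findings.append((e["host"], "self-signed certificates accepted in production"))
        if "suffix" not in e:
            findings.append((e["host"], "entry is not narrowed by a port suffix"))
    return findings


# Constructed sample entries (not real metadata).
SAMPLE = ["staging-db.example.internal",
          {"host": "graphql.hasura.io", "suffix": "4183", "permissions": ["self-signed"]}]

if __name__ == "__main__":
    for host, finding in audit_allowlist(SAMPLE, "production"):
        print(f"{host}: {finding}")
```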