Securing projects


To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to configure an admin secret key.

Adding an admin secret

Step 1: Go to settings

On the project overview, click on the settings icon on the top right of the relevant project.

Go to settings

Step 2: Navigate to env vars

On the Env vars tab, click the button to add a new env var.

Navigate to env vars

Step 3: Add an admin secret

In the Key dropdown, choose ADMIN_SECRET and add a secret of your choice in the Value field. Then click the Add button.

Set admin secret

Accessing Hasura

After setting an admin secret, when you launch the console from the Hasura Cloud dashboard, you’ll be authenticated as an admin. If you want to make API calls from outside the console, you need to pass the admin secret as the x-hasura-admin-secret request header.


The admin secret should be treated like a password i.e. it should be kept secret and shouldn’t be passed from frontend clients. Refer this to set up user authentication.