Security

GraphQL is fundamentally different from REST APIs in the way it is served: the whole API is exposed over a single endpoint. This means that URL-based filtering cannot be applied to GraphQL APIs. Moreover, REST APIs rely on request methods like GET, POST, PUT and DELETE, whereas GraphQL is typically served over POST (or websockets for realtime). Attackers can crawl the GraphQL endpoint (typically served at /graphql) and exploit interface consoles like GraphiQL if they are not protected behind auth.
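As an added example (not part of the original Hasura docs), the following Python scans a few constructed access-log records and shows why a filter for a GraphQL API must look at the request method, the auth state and the parsed operation rather than the URL: every record below hits the same /graphql path. The JSON-lines format and the `auth` field are assumptions for the sake of the example.

```python
import json
import re

# Constructed sample access-log lines (one JSON object per line), not real
# Hasura log output. All four hit the same path, which is the point.
SAMPLE_LOG = """\
{"method":"POST","path":"/graphql","auth":true,"body":{"query":"query { users { id name } }"}}
{"method":"POST","path":"/graphql","auth":false,"body":{"query":"{ __schema { types { name } } }"}}
{"method":"GET","path":"/graphql","auth":false,"body":null}
{"method":"POST","path":"/graphql","auth":false,"body":{"query":"mutation { delete_users(where: {}) { affected_rows } }"}}
"""

INTROSPECTION = re.compile(r"\b__(schema|type)\b")

def operation_type(query: str) -> str:
    """'query', 'mutation' or 'subscription'; a document starting with '{' is
    the anonymous query shorthand."""
    stripped = query.lstrip()
    if stripped.startswith("{"):
        return "query"
    m = re.match(r"(query|mutation|subscription)\b", stripped)
    return m.group(1) if m else "unknown"

def classify(entry: dict) -> list:
    """Findings for one entry, decided on method, auth state and the parsed
    operation rather than the URL, since every request shares /graphql."""
    findings = []
    if entry["path"] != "/graphql":
        return findings
    if entry["method"] != "POST":
        # A GET to the endpoint is how an interactive console is usually loaded.
        return ["non-POST request to GraphQL endpoint"]
    query = (entry.get("body") or {}).get("query", "")
    if not entry["auth"]:
        if INTROSPECTION.search(query):
            findings.append("unauthenticated introspection query")
        if operation_type(query) == "mutation":
            findings.append("unauthenticated mutation")
    return findings

def scan(log_text: str) -> list:
    """Return (line_number, findings) for every flagged JSON-lines entry."""
    results = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        findings = classify(json.loads(line))
        if findings:
            results.append((lineno, findings))
    return results
```

The same checks belong in the proxy or gateway in front of the endpoint, where the request body is available before it reaches the engine.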

In this section, we will look at optimizing Hasura for security. By default, some settings might be more "open" than you want and hence need explicit configuration to secure data access.

We will look at the following:

  • Service level security
  • Authentication and Authorization
  • Allow Lists
  • Rate Limiting
  • Response Limiting

and optimize for each of the use cases.
