Authentication and Authorization

Authentication with Hasura can be implemented using the following:

JWT
Webhooks
Unauthenticated public access

In all of these cases, it is important to configure an admin secret first.

Authorization with Hasura can be implemented using the following:

Role-based permissions: per role, per schema, per table, per operation type
Set role access rules (records and fields) for Insert, Select, Update, and Delete

Both Authentication and Authorization have been covered in our Hasura Basics tutorial. Do check that out.

Also, for the Slack model in this tutorial, we have the Slack Authorization tutorial talking about setting up role-based permissions from scratch.

Did you find this page helpful?

Edit on GitHub

Service Level Security

Allow Lists

Start with GraphQL on Hasura for Free

Build apps and APIs 10x faster
Built-in authorization and caching
8x more performant than hand-rolled APIs

Try GraphQL with Hasura

PRODUCT

Hasura Product Offerings

CAPABILITIES

Performance

Instant API

Observability

API Security

Authorization

SUPPORTED DATABASES

PostgreSQL

SQL Server

Oracle

MySQL

Snowflake

MariaDB

Neon

Google BigQuery

AlloyDB

LEARN

Tutorials

Blog

GraphQL Hub

Why Hasura

Help

CONNECT

Community

Case Studies

Events

Hasura Hub

NEWS

Introducing Instant APIs for MySQL, MariaDB, and Oracle

May 2, 2023

NEWS

Introducing a native Postgres integration to Hasura Cloud in partnership with Neon

Oct 18, 2022

Authentication and Authorization