Hasura is built for mission-critical production workloads and designed to be secure by default for production environments.

Secure your GraphQL APIs in a few clicks

Prevent malicious requests and abuse

Hasura lets you configure API rate limits and restrict operations based on user role to prevent data breaches and API attacks.

Prevent API scraping and excessive data exposure

For apps running in production, you don’t want to inadvertently expose the schema or allow scraping of your APIs. Disable schema introspection based on user role for your API to prevent such scenarios.

Compliance, reliability, and security with Hasura Cloud

Hasura Cloud is designed to help companies follow the three tenets of information security: confidentiality, integrity, and availability.

As part of our certification process, we have external agencies conduct routine testing to ensure we’re maintaining industry standards. To incentivize the community for an extra layer of scrutiny, we also offer a path for responsible disclosure.

SOC2 Type II compliant

HIPAA compliant

ISO certified

GDPR compliant

Regularly penetration tested

Compliance, reliability, and security with Hasura Cloud

Peter Downs

Director of Engineering, Pipe

"... Basically, we’re seeing that it takes only about a tenth of the time to develop a new page in our application or a new component based on having adopted Hasura."

Pipe saw their development time drop by 90% with Hasura

Karthik Srinivasan

Solution Architect, Philips Healthcare

"If we had gone the traditional way, this process would have taken us two to four years. With Hasura, we have been able to crunch it to just under a year."

Philips increased the speed of their development by 2-4x with Hasura

More API Security features at a glance

Allow lists

Allows lists can be configured to safely permit a limited number of GraphQL operations (queries/mutations/subscriptions) for your project. You can review and approve operations, and create collections of role-based allow lists if required.

Authorization

Easily configure fine-grained role-based permissions and access control rules for CRUD, and declaratively secure your remote GraphQL APIs. When writing data and submitting events, there are built-in input and constraint validations.

Quick and easy integration

Get an extensive set of tutorials for the best third-party authentication services for implementing auth with Hasura Engine, as well as information covering JWT and webhook auth methods.

Proactive vulnerability scanning of container images

Hasura scans all container images used in Hasura Cloud and Hasura Enterprise for vulnerabilities with leading container scanning tools. Anything marked as “critical” or “high” are remediated before the next release.

Multiple admin and JWT secrets

Specify a list of admin secrets to implement security mechanisms like rotating secrets, and have different lifecycles for individual admin secrets. A list of JWT secrets enables authentication with different JWT users.