Secure your GraphQL APIs in a few clicks
Get started with Hasura Cloud
Prevent malicious requests and abuse
Hasura lets you configure API rate limits and restrict operations based on user role to prevent data breaches and API attacks.
Learn more
Prevent API scraping and excessive data exposure
For apps running in production, you don’t want to inadvertently expose the schema or allow scraping of your APIs. Disable schema introspection based on user role for your API to prevent such scenarios.
Learn more
Mark Erdmann
Software Engineer, Pulley
"By using Hasura we cut the development time in half and built our product in 3 months & built-in role-based authorization system made it easy to secure our data."
Compliance, reliability, and security with Hasura Cloud
Hasura Cloud is designed to help companies follow the three tenets of information security: confidentiality, integrity, and availability. As part of our certification process, we have external agencies conduct routine testing to ensure we’re maintaining industry standards. To incentivize the community for an extra layer of scrutiny, we also offer a path for responsible disclosure.
SOC 2 Type II compliant
HIPAA compliant
Regularly penetration tested
ISO certified
GDPR compliant
Learn more
More API Security features at a glance
Allow lists
Allows lists can be configured to safely permit a limited number of GraphQL operations (queries/mutations/subscriptions) for your project. You can review and approve operations, and create collections of role-based allow lists if required.
Authorization
Easily configure fine-grained role-based permissions and access control rules for CRUD, and declaratively secure your remote GraphQL APIs. When writing data and submitting events, there are built-in input and constraint validations.
Quick and easy integration
Get an extensive set of tutorials for the best third-party authentication services for implementing auth with Hasura Engine, as well as information covering JWT and webhook auth methods.
Proactive vulnerability scanning of container images
Hasura regularly scans all container images used in Hasura Cloud and Hasura Enterprise for vulnerabilities with leading container scanning tools. Anything marked as “critical” or “high” are remediated before the next release.
Multiple admin and JWT secrets
Specify a list of admin secrets to implement security mechanisms like rotating secrets, and have different lifecycles for individual admin secrets. A list of JWT secrets enables authentication with different JWT users.
Learn how Hasura meets other API requirements
Authorization
Built-in authorization engine that makes granular read and write access control easy to configure.
Learn more
Observability
Monitor for known issues by debuting and analyzing metrics from your Hasura instance.
Learn more
Instant API
Run Hasura and connect your databases for a unified, production-ready GraphQL API in an instant.
Learn more
