Can I perform queries / mutations to /admin endpoint ignoring the auth rule?

Hi there!

I managed to set up a neat system to update the schema on Dgraph Cloud from my local system. This way I can make use of VS Code’s GraphQl language support and other benefits. Since during the development phase I need to change and update the database constantly, I started developing a seeder which basically performs mutations to the /graphql endpoint. Obviously I am restricted by auth rules here so I was wondering if there is a way I could perform the same mutations via eg. the /admin endpoint which lets me perform all mutations without bothering about auth?


Hello @Poolshark
I think there is no way to ignore the Auth rules but we did something similar by generating a jwt manually and using it in our requests from one of our servers. You have the VerificationKey, Header Name and Algorithm you can easily generate proper jwt with enough access to pass the auth rule. For example we manually added admin role as a claim in our jwt.
Also if you want to test it you can generate jwt here:

Only with DQL queries/mutations, you could ignore any auth or something completely.

1 Like

We are using the Managed Cloud offering for Dgraph and the current workflow while modelling schema looks something like this - For all integration tests against the DB, we pass a JWT token For the authenticated user to our GraphQL endpoints to pass the authorization check. The downside is that exploration via the GraphQL query editor integrated with the Cloud UI becomes unusable with the Authorization setup as currently there is no way to pass a token(which should be made available), but the team can still use the DQL editor and queries to poke around the structure and stored data skipping Auth and the GraphQL layer.

Maybe you have missed it. It is there. Look for “Request Headers” in the GraphQL explorer page right below the endpoint selection.

1 Like

@amaster507 Thanks. Missed the pink link with request headers! :slight_smile: