Protect GQL endpoint

spinelsun · September 21, 2020, 10:56am

Hi,

About the endpoint that slash expose, is it safe to give this endpoint to clients and restrict queries and muttions by @auth or should I have a server that expose only part of the functionality of the whole generated GQL API?
I am asking becuse sometimes even if the user is authorized and authenticated he can create queries that are not legit by mistake or with purpose.

gja · September 21, 2020, 1:24pm

Both models work with Slash GraphQL, but we are encouraging users to expose their endpoint directly to clients. Please remember to set up auth rules that lock down any resources you don’t want to expose (remembering to block query / create / delete / update).

Topic		Replies	Views
How to secure slash graphql endpoints? Dgraph Cloud kind:question , slash-graphql , dgraph	1	613	October 7, 2020
How can I use Slash Dgraph as a database for my backend? Dgraph Cloud	6	680	February 10, 2021
Client Side Token Dgraph Cloud / Slash GraphQL auth	1	503	November 22, 2020
Issue with Slash GraphQL Authentication Dgraph Cloud / Slash GraphQL	5	1005	March 9, 2021
Concerns about authentication/authorization in DGraph with GraphQL endpoint Dgraph Cloud kind:question , auth , status:accepted	4	1198	September 24, 2020

Protect GQL endpoint

Related topics