How to secure GraphQL APIs with Hasura Cloud

What's this blog post about?

This article discusses how to secure GraphQL APIs with Hasura Cloud. It highlights the differences between REST APIs and GraphQL APIs in terms of security, explaining that URL-based filtering cannot be applied to GraphQL APIs because they expose a single endpoint. The article then examines various attack vectors, including introspection, authentication, authorization, the admin secret, API limits, external APIs, restrictive CORS, and timeouts. It provides mitigations for each of these attack vectors using Hasura Cloud features such as the Allow List, role-based access control, and configuration settings. The article concludes by recommending Hasura's production checklist for addressing top-level security concerns before going live with an application.

Company
Hasura

Date published
Dec. 2, 2020

Author(s)
Praveen Durairaju

Word count
1165

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.