How to secure GraphQL APIs with Hasura Cloud
This article discusses how to secure GraphQL APIs with Hasura Cloud. It highlights the differences between REST APIs and GraphQL APIs in terms of security, explaining that URL-based filtering cannot be applied to GraphQL APIs due to their single endpoint nature. The article then delves into various attack vectors such as introspection, authentication, authorization, admin secret, API limits, external APIs, restrictive CORS, and timeouts. It provides solutions for each of these attack vectors using Hasura Cloud's features like Allow List, role-based access control, and configuration settings. The article concludes by recommending Hasura's production checklist to address top-level security concerns before going live with an application.
Company
Hasura
Date published
Dec. 2, 2020
Author(s)
Praveen Durairaju
Word count
1165
Language
English
Hacker News points
None found.