2018-09-11 14:11:24 +03:00
|
|
|
Securing the GraphQL endpoint (Heroku)
|
|
|
|
|
======================================
|
|
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
.. contents:: Table of contents
|
|
|
|
|
:backlinks: none
|
|
|
|
|
:depth: 1
|
|
|
|
|
:local:
|
|
|
|
|
|
2018-09-11 14:11:24 +03:00
|
|
|
To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to
|
|
|
|
|
configure an access key.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add the HASURA_GRAPHQL_ACCESS_KEY env var
|
|
|
|
|
-----------------------------------------
|
|
|
|
|
|
|
|
|
|
Head to the config-vars URL on your Heroku dashboard and set the ``HASURA_GRAPHQL_ACCESS_KEY`` environment variable.
|
|
|
|
|
|
|
|
|
|
.. image:: ../../../../img/graphql/manual/deployment/secure-heroku.png
|
|
|
|
|
|
|
|
|
|
Setting this environment variable will automatically restart the dyno. Now when you access your console, you'll be
|
|
|
|
|
prompted for the access key.
|
|
|
|
|
|
|
|
|
|
.. image:: ../../../../img/graphql/manual/deployment/access-key-console.png
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(optional) Use the access key with the CLI
|
|
|
|
|
------------------------------------------
|
|
|
|
|
|
|
|
|
|
In case you're using the CLI to open the Hasura console, use the ``access-key`` flag when you open the console:
|
|
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
|
|
hasura console --access-key=mysecretkey
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
2019-02-06 09:39:36 +03:00
|
|
|
If you're looking at adding access control rules for your data to your GraphQL API then head
|
|
|
|
|
to :doc:`Authentication / access control <../auth/index>`.
|
