graphql-engine/docs/graphql/core/deployment/securing-graphql-endpoint.rst

.. meta::
   :description: Secure the Hasura GraphQL endpoint
   :keywords: hasura, docs, deployment, secure

.. _securing_graphql_endpoint:

Securing the GraphQL endpoint
=============================

.. contents:: Table of contents
  :backlinks: none
  :depth: 1
  :local:

To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to
configure an admin secret key.

Depending on your deployment method, follow one of these guides to configure an admin secret key, and prevent public
access to your GraphQL endpoint and the Hasura console:

- :ref:`For Hasura Cloud <secure_project>`
- :ref:`For Heroku <heroku_secure>`
- :ref:`For Docker <docker_secure>`
- :ref:`For Kubernetes <kubernetes_secure>`
- :ref:`For Digital Ocean <digital_ocean_secure>`

.. note::

  If you're looking at adding access control rules for your data to your GraphQL API then head
  to :ref:`Authentication / access control <auth>`.
docs: add meta descriptions to pages (#3631) 2020-01-14 15:57:45 +03:00			`.. meta::`
			`:description: Secure the Hasura GraphQL endpoint`
			`:keywords: hasura, docs, deployment, secure`

docs: replace doc with ref (close #4054) (#4068) 2020-03-11 22:42:36 +03:00			`.. _securing_graphql_endpoint:`
add production checklist to docs (close #2561) (#3140) 2019-10-23 12:23:41 +03:00
merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00			`Securing the GraphQL endpoint`
			`=============================`

add table of contents to docs pages (#1115) 2018-12-03 15:12:24 +03:00			`.. contents:: Table of contents`
			`:backlinks: none`
			`:depth: 1`
			`:local:`

merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00			`To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to`
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated. 2019-02-14 12:37:47 +03:00			`configure an admin secret key.`
merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated. 2019-02-14 12:37:47 +03:00			`Depending on your deployment method, follow one of these guides to configure an admin secret key, and prevent public`
merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00			`access to your GraphQL endpoint and the Hasura console:`

docs: move cloud docs (#5411) 2020-08-25 14:53:25 +03:00			- :ref:`For Hasura Cloud <secure_project>`
docs: replace doc with ref (close #4054) (#4068) 2020-03-11 22:42:36 +03:00			- :ref:`For Heroku <heroku_secure>`
			- :ref:`For Docker <docker_secure>`
			- :ref:`For Kubernetes <kubernetes_secure>`
docs: restructure deployment section (#5339) 2020-07-23 15:34:17 +03:00			- :ref:`For Digital Ocean <digital_ocean_secure>`
merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00
			`.. note::`

docs update (#1535) 2019-02-06 09:39:36 +03:00			`If you're looking at adding access control rules for your data to your GraphQL API then head`
docs: replace doc with ref (close #4054) (#4068) 2020-03-11 22:42:36 +03:00			to :ref:`Authentication / access control <auth>`.
merge docs into main repo (close #397) (#398) 2018-09-11 14:11:24 +03:00