.. meta:: :description: Manage unauthenticated access in Hasura :keywords: hasura, docs, authentication, auth, unauthenticated access Unauthenticated access ====================== .. contents:: Table of contents :backlinks: none :depth: 1 :local: Use case -------- It is a common requirement to have requests which are accessible to all users without the need for any authentication (logging in). For example, to display a public feed of events. You can configure Hasura GraphQL engine to allow access to unauthenticated users by defining a specific role which will be set for all unauthenticated requests. Configuring unauthenticated access ---------------------------------- You can use the env variable ``HASURA_GRAPHQL_UNAUTHORIZED_ROLE`` or ``--unauthorized-role`` flag to set a role for unauthenticated (non-logged in) users. See :doc:`../../deployment/graphql-engine-flags/reference` for more details on setting this flag/env var. This role can then be used to define the permissions for unauthenticated users as described in :doc:`../authorization/index`. A guide on setting up unauthenticated user permissions can be found :ref:`here `. How it works ------------ Once you have configured authentication, by default Hasura GraphQL engine will reject any unauthenticated request it receives. Based on your authentication setup, an unauthenticated request is any request: - for which the webhook returns a ``401 Unauthorized`` response in case of :doc:`webhook authentication <./webhook>`. - which does not contain a JWT token in case of :doc:`JWT authentication <./jwt>`. Once an unauthenticated role is configured, unaunthenticated requests will not be rejected and instead the request will be made with the configured role.