API / Hasura
Configuring Hasura
Learn how to configure your Hasura GraphQL Engine
You can customize and tweak the configuration of the Hasura GraphQL Engine using your project’s configuration file.
Below, you will find the official CUE
schema and an example on how to configure your GraphQL service.
Available Settings
Schema
// Configuration for hasura service
#Hasura: {
// Version of hasura, you can see available versions in the URL below:
// https://hub.docker.com/r/hasura/graphql-engine/tags
version: string | *"v2.33.4-ce"
// JWT Secrets configuration
jwtSecrets: [#JWTSecret]
// Admin secret
adminSecret: string
// Webhook secret
webhookSecret: string
// Configuration for hasura services
// Reference: https://hasura.io/docs/latest/deployment/graphql-engine-flags/reference/
settings: {
// HASURA_GRAPHQL_CORS_DOMAIN
corsDomain: [...#Url] | *["*"]
// HASURA_GRAPHQL_DEV_MODE
devMode: bool | *true
// HASURA_GRAPHQL_ENABLE_ALLOWLIST
enableAllowList: bool | *false
// HASURA_GRAPHQL_ENABLE_CONSOLE
enableConsole: bool | *true
// HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
enableRemoteSchemaPermissions: bool | *false
// HASURA_GRAPHQL_ENABLED_APIS
enabledAPIs: [...#HasuraAPIs] | *["metadata", "graphql", "pgdump", "config"]
// HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL
liveQueriesMultiplexedRefetchInterval: uint32 | *1000
// HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES
stringifyNumericTypes: bool | *false
}
authHook?: {
// HASURA_GRAPHQL_AUTH_HOOK
url: string
// HASURA_GRAPHQL_AUTH_HOOK_MODE
mode: "GET"|*"POST"
// HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY
sendRequestBody: bool | *true
}
logs: {
// HASURA_GRAPHQL_LOG_LEVEL
level: "debug" | "info" | "error" | *"warn"
}
events: {
// HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE
httpPoolSize: uint32 & >=1 & <=100 | *100
}
// Resources for the service
resources?: #Resources
}
Example Configuration
To configure your GraphQL instance, simply set the relevant settings under [hasura]
in your project’s configuration file.
nhost.toml
[hasura]
version = ''
adminSecret = 'adminsecret'
webhookSecret = 'webhooksecret'
[[hasura.jwtSecrets]]
type = 'HS256'
key = 'secret'
[hasura.settings]
corsDomain = ['*']
devMode = false
enableAllowList = true
enableConsole = true
enableRemoteSchemaPermissions = true
enabledAPIs = ['metadata']
liveQueriesMultiplexedRefetchInterval = 1000
stringifyNumericTypes = false
[hasura.logs]
level = 'warn'
[hasura.events]
httpPoolSize = 10
[hasura.resources]
replicas = 1
[hasura.resources.compute]
cpu = 500
memory = 1024
JWT Secret
Zooming in on JWTSecret
.
Schema
#JWTSecret:
({
type: "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "Ed25519" | *"HS256"
key: string
} |
{
jwk_url: #Url | *null
}) &
{
claims_format?: "stringified_json" | *"json"
audience?: string
issuer?: string
allowed_skew?: uint32
header?: string
} & {
claims_map?: [...#ClaimMap]
} &
({
claims_namespace: string | *"https://hasura.io/jwt/claims"
} |
{
claims_namespace_path: string
} | *{})
#ClaimMap: {
claim: string
{
value: string
} | {
path: string
default?: string
}
} & {
}
Example Configuration
nhost.toml
# example 1
[[hasura.jwtSecrets]]
type = 'HS256'
key = 'secret'
# example 2
[[hasura.jwtSecrets]]
jwk_url = 'https:/....'
# example 3
[[hasura.jwtSecrets]]
jwk_url = "https://......"
issuer = "https://my-auth-server.com"
[[hasura.jwtSecrets.claims_map]]
claim = "x-some-claim"
value = "some-value"
[[hasura.jwtSecrets.claims_map]]
claim = "x-other-claim"
path = "$.user.claim.id"
default = "default-value"
Read how Authentication Using JWTs works in Hasura