Better visibility and security for your GraphQL API
In this document you can find information about the advanced GraphQL features available in some of our plans (see our pricing page for details).
If you are interested in other advanced security features or observability capabilities, don’t hesitate to let us know.
In addition to resource utilization, as part of this set of advanced GraphQL features, you have extra visibility at the query level:
(hasura-graphi is the process responsible for these features)
All of the added GraphQL metrics are broken down per:
For instance, below you can see a screenshot from our own staging application:
In addition, a few security features are made available.
This feature will block requests to any endpoint with the header x-hasura-admin-secret. To enable it:
Enabling this can have the side effect of breaking deployments. If you plan to enable this feature, we recommend contacting our support first.
Deeply nested queries can require lots of resources which, in turn, may lead to resource exhaustion. They can also make your application susceptible to DoS attacks. To prevent this, you can configure the maximum query depth you want to allow. For instance, you can limit the depth of your queries to 4 with:
With the configuration above, the following query will be rejected:
while:
will work just fine.
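To reason about which queries a depth limit of 4 would reject, the following added example (not this platform's or Hasura's own code) computes the field nesting depth of a GraphQL document. It goes beyond the case described above by expanding fragment spreads, which can otherwise hide nesting. The names query_depth, is_allowed and SAMPLE are hypothetical, and it assumes top-level fields count as depth 1, fragments add no level of their own, and the document is syntactically valid GraphQL.

```python
import re

# Strings and comments are matched first so braces inside them are never counted.
TOKEN = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}()@]')

def query_depth(document: str) -> int:
    """Deepest field nesting over all operations, with fragment spreads expanded."""
    toks = [t for t in TOKEN.findall(document) if t[0] not in '"#']
    defs = {}    # definition -> [deepest local level, [(spread name, level of spread)]]
    stack, parens, cur, free = [], 0, None, False
    for t, nxt in zip(toks, toks[1:] + [""]):
        if t in ("(", ")"):
            parens += 1 if t == "(" else -1
        elif parens > 0:
            pass                               # input objects inside arguments
        elif t == "{":
            if not stack and not free:         # an operation's selection set opens
                cur = f"#op{len(defs)}"
                defs[cur] = [0, []]
            stack.append(0 if free else 1)     # fragment bodies add no level themselves
            free = False
            defs[cur][0] = max(defs[cur][0], sum(stack))
        elif t == "}" and stack:
            stack.pop()
        elif t == "fragment" and not stack and not free and nxt not in ("{", "(", "@", ""):
            cur, free = nxt, True              # fragment definition named nxt
            defs[cur] = [0, []]
        elif t == "..." and stack:
            if nxt in ("on", "@", "{"):
                free = True                    # inline fragment
            else:
                defs[cur][1].append((nxt, sum(stack)))
    if stack or parens:
        raise ValueError("unbalanced document")
    memo = {}
    def total(name, path=()):
        if name in path or name not in defs:
            raise ValueError(f"cyclic or unknown fragment: {name}")
        if name not in memo:                   # each fragment is costed once
            local, spreads = defs[name]
            memo[name] = max([local] + [lvl + total(s, path + (name,)) for s, lvl in spreads])
        return memo[name]
    return max((total(n) for n in defs if n.startswith("#op")), default=0)

def is_allowed(document: str, max_depth: int = 4) -> bool:
    return query_depth(document) <= max_depth

# Constructed sample: 3 levels in the operation plus 2 inside fragment P.
SAMPLE = "query { author { posts { ...P } } } fragment P on Post { comments { author { name } } }"
```

query_depth raises ValueError for cyclic or unknown fragments and for unbalanced documents; a caller should treat that as a rejection.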
In addition to the logs you already have, a new service will show in your “Logs” tab: hasura-graphi. Here you can see security events if you have enabled any of the security features mentioned above.