Securing projects¶

Table of contents

Introduction
Updating the admin secret
Accessing Hasura

Introduction¶

To make sure that your GraphQL endpoint is not publicly accessible, a randomly generated admin secret key is added by default to your project at the time of project creation.

Updating the admin secret¶

Step 1: Go to settings¶

On the project overview, click on the settings icon on the top right of the relevant project.

Step 2: Navigate to env vars¶

On the Env vars tab, you will see the HASURA_GRAPHQL_ADMIN_SECRET env var.

Step 3: Update admin secret¶

Click on the HASURA_GRAPHQL_ADMIN_SECRET env var to update the value.

Accessing Hasura¶

When you launch the console from the Hasura Cloud dashboard, you’ll be authenticated as an admin. If you want to make API calls from outside the console, you need to pass the admin secret as the x-hasura-admin-secret request header.

Note

The admin secret should be treated like a password i.e. it should be kept secret and shouldn’t be passed from frontend clients. Refer this to set up user authentication.

« previous | next »

Want to contribute or report missing content?

edit this page on github | contributing guidelines | report an issue

Hasura GraphQL engine is open source. See license