Securing the GraphQL endpoint¶

To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to configure an admin secret key.

Depending on your deployment method, follow one of these guides to configure an admin secret key, and prevent public access to your GraphQL endpoint and the Hasura console:

Hasura Cloud projects have a randomly generated admin secret added by default at the time of creation.
For Heroku
For Docker
For Kubernetes
For Digital Ocean

Note

If you’re looking at adding access control rules for your data to your GraphQL API then head to Authentication / access control.

« previous | next »

Want to contribute or report missing content?

edit this page on github | contributing guidelines | report an issue

Hasura GraphQL engine is open source. See license