Authorization for DQL

gja · September 10, 2020, 12:47pm

Yes, dgraph endpoints are accessible by default without ACL. If you would like to lock these down to require an API key

You could put a proxy in front of your dgraph instance and set up a proxy that prevents access without some header
You can use Slash GraphQL, which allows you to spin up a secured, hosted instance of Dgraph, and set up API keys for access

Tejas

Topic		Replies	Views
DQL queries need to respect GraphQL @auth rules Dgraph auth , dgraph , area:security	7	1653	October 1, 2020
Disable Alpha endpoints via commandline flags Dgraph auth , status:accepted , kind:feature , ticket:created	1	746	September 30, 2020
Poor man's auth in GraphQL Dev rfc	0	861	July 13, 2020
Can Dgraph provide unified auth? Dgraph	1	674	March 14, 2020
User authentication Dgraph kind:question	21	5014	October 16, 2020