Version 4 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.

Security and best practices

In this section we'll cover several options you have for keeping your GraphQL API secure and compliant with best practices. Some of these tools require configuration, while others come pre-installed.

You are viewing docs for silverstripe/graphql 4.x. If you are using 3.x, documentation can be found in the GitHub repository

Authentication
Ensure your GraphQL api is only accessible to provisioned users
Cross-Origin Resource Sharing (CORS)
Ensure that requests to your API come from a whitelist of origins
CSRF protection
Protect destructive actions from cross-site request forgery
Strict HTTP method checking
Ensure requests are GET or POST
Recursive or complex queries
Protecting against potentially malicious queries
Edit on Github