Version 5 supported

Security and best practices

In this section we'll cover several options you have for keeping your GraphQL API secure and compliant with best practices. Some of these tools require configuration, while others come pre-installed.

Ensure your GraphQL API is only accessible to provisioned users
Cross-Origin Resource Sharing (CORS)
Ensure that requests to your API come from a whitelist of origins
CSRF protection
Protect destructive actions from cross-site request forgery
Strict HTTP method checking
Ensure requests are GET or POST
Recursive or complex queries
Protect against potentially malicious queries