Security and best practices#

In this section we'll cover several options you have for keeping your GraphQL API secure and compliant with best practices. Some of these tools require configuration, while others come pre-installed.

Authentication

Ensure your GraphQL api is only accessible to provisioned users

Cross-Origin Resource Sharing (CORS)

Ensure that requests to your API come from a whitelist of origins

CSRF protection

Protect destructive actions from cross-site request forgery

Strict HTTP method checking

Ensure requests are GET or POST

Recursive or complex queries

Protecting against potentially malicious queries