Grafbase is not a user management platform, so you will need to bring your own users with platforms like Clerk, NextAuth.js, and Auth0.
If you're making a request to the Grafbase GraphQL API from your frontend (React, Vue, Svelte, etc.) then you will need to configure an auth provider (Clerk, Auth0, NextAuth.js, etc.).
If you're making a request on the backend, and don't need to filter data based on the owner, then you can use an API Key with requests.
Data access can be configured globally, by model, or by field.
Once you get a token from the authentication provider you must pass this in the HTTP headers of your request as `authorization:
Authorization: Bearer TOKEN
The auth provider must issue a JWT that can be passed with requests using the
authorization HTTP header in the format of
authorization: Bearer TOKEN.
Grafbase sits between your user management platform and database making sure only those who should have access, do.
You can configure different types of authorization, including signed-in, owner-based, or role-based access using rules inside the
You can also use API keys to authorize requests to bypass the need for an authorization header.