Authentication & Authorization
Grafbase exposes many ways to configure data access. This includes configuring rules for signed-in users, users of groups, anonymous access, and rules for operations.
Data access can be configured globally, by model, or by field.
You must handle authentication yourself using a supported provider.
Authorization can be configured with a valid OpenID Connect (IdP) or JWT provider.
The auth provider must issue a JWT that can be passed with requests using the authorization HTTP header in the format of authorization: Bearer TOKEN.
You can configure different types of authorization, including public, anonymous, signed-in, or role-based access using rules inside the @auth directive.
You can also use API keys to authorize requests.
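The checks a JWT-consuming API has to make on an authorization: Bearer TOKEN header before applying public, signed-in or group rules, as an added example that is not Grafbase's own code. It assumes an HS256 shared secret so that it runs offline (OIDC providers normally sign with asymmetric keys); the groups claim name, the rule shapes and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a constructed test token (stands in for the auth provider)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def verify_bearer(header_value, secret: bytes, issuer: str, now=None):
    """Return the verified claims dict, or None if anything is off."""
    scheme, _, token = (header_value or "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        # Pin the algorithm: never let the token choose it (rejects "none").
        if json.loads(unb64url(head)).get("alg") != "HS256":
            return None
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, unb64url(sig)):  # constant-time compare
            return None
        claims = json.loads(unb64url(body))
    except (ValueError, AttributeError):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims if claims.get("iss") == issuer else None

def allowed(rule, claims) -> bool:
    """rule is 'public', 'signed-in' or ('groups', {names}); shapes are assumed."""
    if rule == "public":
        return True
    if claims is None:  # no valid token: only public rules can match
        return False
    if rule == "signed-in":
        return True
    kind, groups = rule
    held = claims.get("groups")
    return kind == "groups" and isinstance(held, list) and any(
        isinstance(g, str) and g in groups for g in held)
```

A request with a missing, expired, wrongly signed or wrongly issued token yields None from verify_bearer, so it can only match a public rule.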