Auth

Grafbase works out of the box with popular authentication strategies, including OpenID Connect and JWT.

Grafbase is not a user management platform, so you will need to bring your own users with platforms like Clerk, NextAuth.js, and Auth0.

If you're making a request to the Grafbase GraphQL API from your frontend (React, Vue, Svelte, etc.) then you will need to configure an auth provider (Clerk, Auth0, NextAuth.js, etc.).

If you're making a request on the backend, and don't need to filter data based on the owner, then you can use an API Key with requests.

Data access can be configured globally, by model, or by field.

Learn more about Auth

Authenticating requests

Once you get a token from the authentication provider you must pass this in the HTTP headers of your request as `authorization:

Authorization: Bearer TOKEN

Authorization can be configured with a valid OpenID Connect (IdP) or JWT provider.

The auth provider must issue a JWT that can be passed with requests using the authorization HTTP header in the format of authorization: Bearer TOKEN.

Permissions

Grafbase sits between your user management platform and database making sure only those who should have access, do.

You can configure different types of authorization, including signed-in, owner-based, or role-based access using rules inside the @auth directive.

You can also use API keys to authorize requests to bypass the need for an authorization header.

Was this page helpful?