Security
Security is a critical aspect of any application. It is important to ensure that the application is secure and that the data is protected. This section will cover the security aspects of the application.
The application should control which operations can be performed on the data. Trusted documents define the allowed operations, and the application should only allow the operations that are defined in them.
Read more about trusted documents.
Rate limiting is an important security measure that can help protect the application from abuse. It can help prevent malicious users from overwhelming the application with requests. Rate limiting can be implemented at various levels, such as the global operation level or the per-subgraph level.
Read more about rate limiting.
Operation limits can help protect the application from abuse by limiting the cost of operations.
Read more about operation limits.
Control access to your federated graph with JWT authentication. The federated graph allows public access by default. Subgraphs must check if users have proper credentials. You can also configure an authorization provider to validate user credentials before executing requests.
Read more about JWT authentication.
Authentication with hooks lets you control access to your federated graph by implementing a custom authentication flow that suits your application's needs.
Read more about authentication with hooks.
Control access to your data based on the data itself. For example, you can restrict access to specific fields or rows based on user roles, or control input parameter use based on custom logic.
Read more about authorization with hooks.
Access logs can help you monitor and track the activity on your federated graph. Grafbase Gateway provides a fully customizable logging system that allows you to log the requests and responses.
Read more about access logs.
Access tokens are used to authenticate users and grant them access to the federated graph. Access tokens can be used to control access to the federated graph and to protect the data.
Read more about access tokens.