Inigo Logo

Product

Use cases

Learn

Pricing

Company

Login
Get a Demo

GraphQL Access Control

Introspection separation

No, you don’t need to disable introspection. With RBAC Introspection separation, access control can be completely enforced at the edge. Users gain schema visibility only to allowed operations, types, and fields. Learn more about Inigo’s schema-based access control.

security_1_introspection.webp

Schema-based access control

Keep resolvers clean and tight. Transform from complex code logic into role-based declarative configuration. Easy to maintain and manage during the development lifecycle.

ezgif.com-gif-maker_schema.gif

Directive approach

Apply RBAC directives to your GraphQL schema for fine-grained access control for authenticated and unauthenticated clients. Roles can be derived from a JWT token or HTTP headers.

illustration_graphql1.webp

Allowlist approach

Define exactly what queries are allowed to be executed for your GraphQL API for a given role. This is useful for securing APIs that have a limited set of queries that clients should be able to run.

illustration_graphql2.webp

Schema subset approach

Limit access to types and fields in your schema for a given role. Queries will not be able to access unpermitted parts of the schema.

illustration_graphql3.webp
Ready to accelerate your GraphQL adoption?
Getting Started

Supported by all GraphQL Servers/Gateways, Inigo acts as a powerful companion, seamlessly connecting with any existing open-source or commercial GraphQL implementation.

Get a demo
Start for free
Inigo Logo

Product

GraphQL Observability
Schema Management
GraphQL Security
GraphQL Explorer

Learn

Blog
Docs
Tutorials
Inigo vs. GraphOS
Media & Webinars
Press

Company

About us
Careers

Connect

Slack
LinkedIn
GitHub
Contact us
Copyright © 2024 Inigo Labs, Inc. | All Rights Reserved. | Systems Status | Terms | Privacy | Disclosure Policy