GraphQL Security

Introspection separation

No, you don’t need to disable introspection. With RBAC introspection separation, access control can be enforced entirely at the edge. Users gain schema visibility only into the operations, types, and fields they are allowed to access. Learn more about Inigo’s schema-based access control.

Query protection

DoS is the name of the game. Ensure the right security knobs are in place to protect against query-based DoS attacks.

Schema-based Access Control

Keep resolvers clean and tight. Move from complex logic to role-based declarative configuration. Easy to maintain and manage during the development lifecycle.

Protection from Injections

GraphQL injections manifest themselves in many ways. Stay guarded against data manipulation and data leaks with input validation across any free-form text.

Meet Compliance Mandates

Stay compliant with security audits and regulations. Provable security and easily accessible reports ensure your next certificate.
