Securing projects¶

Table of contents

Introduction
Adding an admin secret
Accessing Hasura

Introduction¶

To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to configure an admin secret key.

Adding an admin secret¶

Step 1: Go to settings¶

On the project overview, click on the settings icon on the top right of the relevant project.

Step 2: Navigate to env vars¶

On the Env vars tab, click the button to add a new env var.

Step 3: Add an admin secret¶

In the Key dropdown, choose ADMIN_SECRET and add a secret of your choice in the Value field. Then click the Add button.

Accessing Hasura¶

After setting an admin secret, when you launch the console from the Hasura Cloud dashboard, you’ll be authenticated as an admin. If you want to make API calls from outside the console, you need to pass the admin secret as the x-hasura-admin-secret request header.

Note

The admin secret should be treated like a password i.e. it should be kept secret and shouldn’t be passed from frontend clients. Refer this to set up user authentication.

« previous | next »

Was this page helpful?

Want to contribute or report missing content?

edit this page on github | contributing guidelines | report an issue

Hasura GraphQL engine is open source. See license