Custom Attributes
Stellate empowers you to customize your GraphQL Metrics so that you can get the insights you need. For this, you can define a set of Custom Attributes. We extract their values for each request sent to your Stellate service, store them in our metrics database, and make them available to you through our metrics dashboard and our Public GraphQL API.
All Custom Attribute values are stored in plain text. This may pose a risk if you intend to store Personally Identifiable Information (PII).
Using HTTP Headers
Custom Attributes can be defined in the Stellate configuration based on an HTTP Header.
import { Config } from 'stellate'
const config: Config = {
config: {
name: 'my-app',
customAttributes: {
// Extract the value from the HTTP header called `x-user-id`
userId: { header: 'x-user-id' },
},
},
}
export default config
Using Cookies
Custom Attributes can be defined in the Stellate configuration based Cookies.
import { Config } from 'stellate'
const config: Config = {
config: {
name: 'my-app',
customAttributes: {
// Extract the value from the cookie called `sessionId`
sessionId: { cookie: 'sessionId' },
},
},
}
export default config
Using JWT claims
For both headers and cookies, we also support extracting a specific claim if the value of the header or cookie is a JWT. In addition to the config shown above, you just need to add the jwt
property and specify the algorithm and the secret used to sign the JWT as well as the claim you want to extract. For asymmetric algorithms, please pass the public key as secret
.
import { Config } from 'stellate'
const config: Config = {
config: {
name: 'my-app',
customAttributes: {
userId: {
header: 'x-user-id',
jwt: {
// Instruct Stellate to take the value of this claim from the JWT payload
claim: 'sub',
// Pass the algorithm you use to sign your JWTs
algorithm: 'HS256',
// Pass the secret you use for signing (or the public key when using
// an asymmetric algorithm)
secret: ':a_very_secret_passphrase',
},
},
},
},
}
export default config
- We support nested claims using lodash-like dotpath-notation, e.g. by passing
user.id
to claim. - Supported algorithms are: HS256, HS384, and HS512 (symmetric), RS256, RS384, and RS512 (asymmetric), ES256, ES256k, ES384 (asymmetric), the RSA-PSS algorithms (PS256, PS384, and PS512, all of them asymmetric) as well as EdDSA.
The config format here is intentionally aligned with the one used for scopes.
Limitations
- You can define at most five Custom Attributes for each Stellate service.
- The length of Custom Attribute values that we store can be at most 256 characters. Any values longer than this will be truncated.
- Any stored values will persist even after removing a Custom Attribute from the Stellate Configuration. There is currently no way for users to customize this behavior or to remove any stored data.