About GraphQL Security
Stellate provides several security features that give you a range of options for protecting your GraphQL APIs.
Stellate Security Features
Stellate's security features are designed to safeguard GraphQL APIs from a range of threats and attacks while preserving the integrity and performance of your API. The sections below summarize each type of security feature and the benefits it provides.
Persisted Operations
Persisted Operations are designed to optimize GraphQL requests by substituting the full query string with a unique identifier, which helps in reducing network overhead and enhancing performance. Stellate supports two types of persisted operations:
- Persisted Operations (PO): These involve registering operations on the server side, allowing Stellate's CDN to act as an allow-list for operations. This method offers both performance improvements and security, because only registered queries can be executed.
- Automatic Persisted Query (APQ): APQ automatically converts the query on the client side into a unique identifier, which streamlines implementation by removing the separate registration step. However, APQ lacks the protection of Persisted Operations: because there is no server-side registration, any client can still execute an arbitrary query, so APQ alone does not give you the strong security of Persisted Operations.
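The security difference between the two modes, as an added Python example (not Stellate's code): a small gateway model that, in PO mode, executes only operations registered at build time and, in APQ mode, accepts any operation a client submits alongside its hash. The request shape follows the common persistedQuery extension convention; the class, the registry and the sample operations are constructed assumptions.

```python
import hashlib

# Constructed sample: the only operation the build pipeline registered.
REGISTERED_QUERY = "query Me { me { id name } }"


def sha256_hex(text: str) -> str:
    """Hash an operation string the way APQ clients identify it."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class PersistedOperationGateway:
    """Hypothetical model of the two modes described above (not Stellate's code)."""

    def __init__(self, mode: str, registered: dict):
        assert mode in ("po", "apq")
        self.mode = mode
        self.store = dict(registered)  # operation hash -> query string

    def handle(self, request: dict) -> dict:
        ext = request.get("extensions", {}).get("persistedQuery", {})
        op_hash = ext.get("sha256Hash")
        query = request.get("query")

        # Known hash: serve the stored operation in either mode.
        if op_hash and op_hash in self.store:
            return {"status": "executed", "query": self.store[op_hash]}

        if self.mode == "po":
            # Allow-list: anything not registered server side is rejected,
            # even when the client supplies the full query text.
            return {"status": "rejected", "error": "OperationNotRegistered"}

        # APQ mode: the gateway learns new operations from clients on the fly,
        # so an unregistered query is executed as long as its hash matches.
        if query is None:
            return {"status": "rejected", "error": "PersistedQueryNotFound"}
        if op_hash and sha256_hex(query) != op_hash:
            return {"status": "rejected", "error": "ProvidedShaDoesNotMatch"}
        self.store[op_hash or sha256_hex(query)] = query
        return {"status": "executed", "query": query}


if __name__ == "__main__":
    registry = {sha256_hex(REGISTERED_QUERY): REGISTERED_QUERY}
    unregistered = "query Unregistered { products { id } }"  # constructed
    req = {"query": unregistered,
           "extensions": {"persistedQuery": {"sha256Hash": sha256_hex(unregistered)}}}
    print("PO :", PersistedOperationGateway("po", registry).handle(req))
    print("APQ:", PersistedOperationGateway("apq", registry).handle(req))
```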
Security Filters
Security Filters are tailored for GraphQL APIs to protect against common web application vulnerabilities and attacks. If you cannot use Persisted Operations as described above, you still want to limit what malicious users can do with your API. Stellate provides security filters that limit the impact and scope of potential harm caused by attacks on your API.
Depth Limiting
Depth Limiting is one of the Security Filters. It prevents bad actors from sending deeply nested queries that could burden the server and/or database: Stellate analyzes incoming queries and blocks them if they are excessively nested.
Rate Limiting
Stellate provides Rate Limiting capabilities to shield GraphQL APIs from excessive traffic or misuse. It allows administrators to set limits on the number of requests per time frame, which helps prevent attacks such as DDoS.
Authentication and Authorization
Stellate includes features to manage access to protected resources based on user identity and permissions. It supports various authentication methods, including API keys, JWT, and OAuth, ensuring that only authorized users or applications have access to protected resources.
Benefits of Security Features
- Simplified Management: Stellate offers a centralized platform for managing security features, making it easier for users to configure and monitor their security settings.
- Integrated Security: Users can utilize the built-in security features, such as Security Filters, to enhance the security of their GraphQL APIs without the need for additional tools.
- Performance Optimization: The security features are engineered to minimize the impact on API performance, ensuring that security measures do not hinder the speed and responsiveness of GraphQL operations.
- Protection against Attacks: Features like Security Filters provide a defense against common vulnerabilities, bolstering the security of APIs and preventing unauthorized access or malicious activities.
- Compliance: Security Filters assist users in meeting compliance requirements by offering protection against security vulnerabilities and ensuring data privacy.
By integrating Stellate's security features, you can ensure that your GraphQL APIs remain secure, efficient, and compliant with industry standards.