Custom Attributes

Stellate empowers you to customize your GraphQL Metrics so that you can get the insights you need. For this, you can define a set of Custom Attributes. We extract their values for each request sent to your Stellate service, store them in our metrics database, and make them available to you through our metrics dashboard and our Public GraphQL API.

All Custom Attribute values are stored in plain text. This may pose a risk if you intend to store Personally Identifiable Information (PII).

Custom Attributes can be defined in the Stellate configuration based on an HTTP header or a property on the cookie.

stellate.ts →

import { Config } from 'stellate'

const config: Config = {
  config: {
    name: 'my-app',
    customAttributes: {
      // Extract the value from the HTTP header called `x-user-id`
      userId: { header: 'x-user-id' },

      // Extract the value from the cookie called `sessionId`
      sessionId: { cookie: 'sessionId' },
    },
  },
}
export default config

Using JWT claims

For both headers and cookies, we also support extracting a specific claim if the value of the header or cookie is a JWT. In addition to the config shown above, you just need to add the jwt property and specify the algorithm and the secret used to sign the JWT as well as the claim you want to extract. For asymmetric algorithms, please pass the public key as secret.

stellate.ts →

import { Config } from 'stellate'

const config: Config = {
  config: {
    name: 'my-app',
    customAttributes: {
      userId: {
        header: 'x-user-id',
        jwt: {
          // Instruct Stellate to take the value of this claim from the JWT payload
          claim: 'sub',

          // Pass the algorithm you use to sign your JWTs
          algorithm: 'HS256',

          // Pass the secret you use for signing (or the public key when using
          // an asymmetric algorithm)
          secret: ':a_very_secret_passphrase',
        },
      },
    },
  },
}
export default config

We support nested claims using lodash-like dotpath-notation, e.g. by passing user.id to claim.
Supported algorithms are: HS256, HS384, and HS512 (symmetric), RS256, RS384, and RS512 (asymmetric), ES256, ES256k, ES384 (asymmetric), the RSA-PSS algorithms (PS256, PS384, and PS512, all of them asymmetric) as well as EdDSA.

The config format here is intentionally aligned with the one used for scopes.

Limitations

You can define at most five Custom Attributes for each Stellate service.
The length of Custom Attribute values that we store can be at most 256 characters. Any values longer than this will be truncated.
Any stored values will persist even after removing a Custom Attribute from the Stellate Configuration. There is currently no way for users to customize this behavior or to remove any stored data.