Skip to main content Link Search Menu Expand Document (external link)



Welcome to Inigo - the GraphQL Security Enforcement and Management layer for your GraphQL APIs. We provide a server-agnostic management, security and observability solution layer for any GraphQL server.

If you’re here, you’ve probably signed up for an account at and are ready to start exploring how Inigo helps you manage and protect GraphQL APIs from malicious actors.

Inigo’s powerful engine can enforce policies, alter and block incoming queries before they hit your GraphQL application servers.


Why protect your GraphQL API with Inigo

Unprotected GraphQL APIs can be vulnerable to a variety of security concerns, such as:

  1. Lack of Authentication and Authorization controls
  2. Denial of Service vulnerabilities
  3. Information Disclosure vulnerabilities
  4. Hijacking and Forgery-based vulnerabilities

… and many more.

Inigo solves these complex security challenges by providing a comprehensive layer of enforcement, analytics and insights, all while decoupling the complex security logic from your application in a performant way that allows your business to focus on its highest priorities.

Getting Started

The first step in the process is to explore the Star Wars Demo Playground. The Star Wars API (also known as SWAPI) mimics the application that’s protected by Inigo - in this case, your application. Once you get the hang of it, you can then apply your own configuration. Configurations can be as strict as you want them to be and Inigo provides a comprehensive set of controls how tight the controls should be.

After exploring the demo playground and applying the sample configuration as provided by Inigo, you will get an idea how Inigo works. At which point you can then add your own service and apply your own server configuration.

Let’s start:

  1. Starwars Demo Playground
  2. Starwars Demo Configuration

For any questions, join our Slack channel.