
Security

The Security configuration lets Inigo users enforce security controls on requests before they reach your GraphQL server. Inigo's security enforcement helps you mitigate Denial of Service attacks, as well as API abuse that could overwhelm your application's resources.


This section defines the format of Inigo’s Security type configuration files. Fields marked as required must be specified if the parent is defined.

Spec

| Field | Type | Description |
| --- | --- | --- |
| validation | ValidationConfig | |
| allow_http_get_operations | boolean (default: true) | Clients are allowed to query GraphQL using HTTP GET (in addition to HTTP POST). |
| profile_default_values | SecurityProfileDefaultValues | |
| profiles | [SecurityProfile] | |

ValidationConfig

| Field | Type | Description |
| --- | --- | --- |
| alias_name | string | Regular expression to validate query alias names. |
| directive_name | string | Regular expression to validate query directive names. |
| operation_name | string | Regular expression to validate the operation name. |
| arguments | ArgumentsValidationConfig | |

ArgumentsValidationConfig

| Field | Type | Description |
| --- | --- | --- |
| String | string | Regular expression to validate GraphQL query arguments of String type. |

SecurityProfileDefaultValues

| Field | Type | Description |
| --- | --- | --- |
| max_depth | int | Maximum length limit for queries. |
| max_height | int | Maximum query height limit for queries. |
| max_directives | int | Maximum number of query directives allowed in a query (both existent and non-existent query directives). |
| max_request_size_bytes | int | Maximum client request size allowed in bytes. |
| max_response_size_bytes | int | Maximum server response size allowed in bytes. |
| max_root_queries | int | Number of allowed root queries in a single query. |
| max_root_mutations | int | Number of allowed root mutations in a single query. |
| require_operation_name | boolean | Requires queries to have an operation name set. |
| pii | [string] | One of: SSN, CreditCard. |
| require_fields | object | Mandates the use of specific fields when some type is used in a query. |
| require_id_fields | boolean | Requires query selection sets to have an id field where it exists. |
| max_aliases | int | Maximum allowed aliased fields in a query. |

Example for require_fields:

    require_fields:
      User: [ name, email ]

SecurityProfile

| Field | Type | Description |
| --- | --- | --- |
| Name | string (required) | Name of the profile. |
| max_depth | int | Maximum length limit for queries. |
| max_height | int | Maximum query height limit for queries. |
| max_directives | int | Maximum number of query directives allowed in a query (both existent and non-existent query directives). |
| max_request_size_bytes | int | Maximum client request size allowed in bytes. |
| max_response_size_bytes | int | Maximum server response size allowed in bytes. |
| max_root_queries | int | Number of allowed root queries in a single query. |
| max_root_mutations | int | Number of allowed root mutations in a single query. |
| require_operation_name | boolean | Requires queries to have an operation name set. |
| pii | [string] | One of: SSN, CreditCard. |
| require_fields | object | Mandates the use of specific fields when some type is used in a query. |
| require_id_fields | boolean | Requires query selection sets to have an id field where it exists. |
| max_aliases | int | Maximum allowed aliased fields in a query. |

Example for require_fields:

    require_fields:
      User: [ name, email ]
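
The fields above combined into one Security spec body, as an added example that is not taken from Inigo's documentation. All values, the regular expressions and the profile name `public-clients` are illustrative assumptions; the enclosing configuration document and the way a profile is selected for a request are not defined on this page and are not shown.

```yaml
# Added example: keys are spelled as in the tables above; every value is illustrative.
validation:
  # Patterns are anchored so the whole name has to match, not a substring.
  operation_name: '^[A-Za-z_][A-Za-z0-9_]{0,63}$'
  alias_name: '^[A-Za-z_][A-Za-z0-9_]{0,31}$'
  directive_name: '^[a-z][A-Za-z0-9_]{0,31}$'
  arguments:
    # Caps String arguments at 256 characters on a single line.
    String: '^.{0,256}$'

# Default is true; false leaves HTTP POST as the only way to query.
allow_http_get_operations: false

# Baseline limits.
profile_default_values:
  max_depth: 10
  max_height: 200
  max_directives: 10
  max_aliases: 20
  max_root_queries: 5
  max_root_mutations: 1
  max_request_size_bytes: 65536
  max_response_size_bytes: 1048576
  require_operation_name: true

# A named profile with tighter limits for less trusted callers.
profiles:
  - Name: public-clients
    max_depth: 6
    max_height: 60
    max_aliases: 5
    max_root_queries: 1
    max_root_mutations: 1
    max_request_size_bytes: 16384
    max_response_size_bytes: 262144
    require_operation_name: true
```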