-
Hi, is there any feature to protect graphql api? We don't want someone crawl all our data easy, right? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
There's a blog post here that proposes one option for this: https://www.wpgraphql.com/2019/01/30/preventing-unauthenticated-requests-to-your-wpgraphql-api/ You could also implement .htaccess (or similar) auth requiring a username/password for the endpoint itself, before WordPress execution even begins. Something like suggested here: https://stackoverflow.com/questions/5229656/password-protecting-a-directory-and-all-of-its-subfolders-using-htaccess |
Beta Was this translation helpful? Give feedback.
There's a blog post here that proposes one option for this: https://www.wpgraphql.com/2019/01/30/preventing-unauthenticated-requests-to-your-wpgraphql-api/
You could also implement .htaccess (or similar) auth requiring a username/password for the endpoint itself, before WordPress execution even begins.
Something like suggested here: https://stackoverflow.com/questions/5229656/password-protecting-a-directory-and-all-of-its-subfolders-using-htaccess