Public, Private & Password-Protected Endpoints

In addition to creating and exposing public endpoints (the single endpoint, and public custom endpoints and persisted queries), we can also create private endpoints, and protect a public endpoint with a password.

Private endpoints

By setting the status of the Custom Endpoint or Persisted Query as private, the endpoint can only be accessed by the admin user. This prevents our data from being unintentionally shared with users who should not have access to the data.

For instance, we can create private Persisted Queries that help manage the application, such as retrieving data to create reports with our metrics.

Private Persisted Query

Password-protected endpoints

If we create a Custom Endpoint or Persisted Query for a specific client, we can now assign a password to it. This provides an additional level of security, so that only that client will access the endpoint.

Password-protected Custom Endpoint

When first accessing a password-protected endpoint (whether accessing the endpoint directly, or its GraphiQL or Interactive Schema clients), we encounter a screen requesting the password:

Password-protected Custom Endpoint: First access

Only once the password has been provided and validated will the user access the intended endpoint or client:

Password-protected Custom Endpoint: After authorization