Public, Private & Password-Protected Endpoints
Public, Private & Password-Protected Endpoints
In addition to creating and exposing public endpoints (the single endpoint, and public custom endpoints and persisted queries), we can also create private endpoints, and protect a public endpoint with a password.
Private endpoints
By setting the status of the Custom Endpoint or Persisted Query as private, the endpoint can only be accessed by the admin user. This prevents our data from being unintentionally shared with users who should not have access to the data.
For instance, we can create private Persisted Queries that help manage the application, such as retrieving data to create reports with our metrics.
Password-protected endpoints
If we create a Custom Endpoint or Persisted Query for a specific client, we can now assign a password to it, to provide an additional level of security that only that client will access the endpoint.
When first accessing a password-protected endpoint (whether accessing the endpoint directly, or its GraphiQL or Interactive Schema clients), we encounter a screen requesting the password:
Once the password is provided and validated, only then the user will access the intended endpoint or client:
