Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

GraphQL Shield offers robust security for your Drupal GraphQL endpoints by protecting against abuse and attacks. It includes features like query limiting, rate limiting, authentication, access control, and threat detection.

Overview

GraphQL Shield provides comprehensive security protection for your Drupal GraphQL endpoints. This module implements industry-standard security practices to protect your API from abuse, attacks, and unauthorized access.

Key Features

- Query Protection: Complexity analysis and depth limiting prevent resource-intensive queries
- Rate Limiting: Configurable per-user and per-IP throttling
- Authentication: API key management and JWT token support
- Access Control: Introspection control and persisted query whitelisting
- Threat Detection: DoS/DDoS protection with automatic IP blocking
- Monitoring: Real-time security dashboard and comprehensive audit logging
- Admin UI: User-friendly configuration interface for all security features

Use Cases

- Public GraphQL APIs requiring abuse protection
- Enterprise applications with strict security requirements
- Mobile and SPA backends needing API key authentication
- Multi-tenant applications with fine-grained access control
- High-traffic sites requiring DoS/DDoS mitigation

Requirements

- Drupal 9.5+ or Drupal 10+
- GraphQL module (drupal/graphql)
- PHP 8.0+

Getting Started

1. Install via Composer: composer require drupal/graphql_shield
2. Enable the module: drush en graphql_shield -y
3. Configure at: Configuration > GraphQL > GraphQL Shield
4. Monitor security at: Reports > GraphQL Shield Dashboard

Documentation

Complete documentation including installation guide, configuration examples, and best practices is available in the module's README.md file.

Support

- Issue queue: https://www.drupal.org/project/issues/graphql_shield
- Documentation: Included in module package

License

GPL-2.0-or-later
---


Protect your GraphQL APIs with confidence. 🛡️

Activity

Total releases
1
First release
Nov 2025
Latest release
8 months ago
Releases (12 mo)
1 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
1.0.0 Stable Nov 3, 2025