graphql_shield
Overview
GraphQL Shield provides comprehensive security protection for your Drupal GraphQL endpoints. This module implements industry-standard security practices to protect your API from abuse, attacks, and unauthorized access.
Key Features
- Query Protection: Complexity analysis and depth limiting prevent resource-intensive queries
- Rate Limiting: Configurable per-user and per-IP throttling
- Authentication: API key management and JWT token support
- Access Control: Introspection control and persisted query whitelisting
- Threat Detection: DoS/DDoS protection with automatic IP blocking
- Monitoring: Real-time security dashboard and comprehensive audit logging
- Admin UI: User-friendly configuration interface for all security features
Use Cases
- Public GraphQL APIs requiring abuse protection
- Enterprise applications with strict security requirements
- Mobile and SPA backends needing API key authentication
- Multi-tenant applications with fine-grained access control
- High-traffic sites requiring DoS/DDoS mitigation
Requirements
- Drupal 9.5+ or Drupal 10+
- GraphQL module (drupal/graphql)
- PHP 8.0+
Getting Started
1. Install via Composer: composer require drupal/graphql_shield
2. Enable the module: drush en graphql_shield -y
3. Configure at: Configuration > GraphQL > GraphQL Shield
4. Monitor security at: Reports > GraphQL Shield Dashboard
Documentation
Complete documentation, including an installation guide, configuration examples, and best practices, is available in the module's README.md file.
Support
- Issue queue: https://www.drupal.org/project/issues/graphql_shield
- Documentation: Included in the module package
License
GPL-2.0-or-later
---
Protect your GraphQL APIs with confidence. 🛡️