GraphQL Shield
GraphQL Shield offers robust security for your Drupal GraphQL endpoints by protecting against abuse and attacks. It includes features like query limiting, rate limiting, authentication, access control, and threat detection.
Overview
GraphQL Shield provides comprehensive security protection for your Drupal GraphQL endpoints. This module implements industry-standard security practices to protect your API from abuse, attacks, and unauthorized access.
Key Features
- Query Protection: Complexity analysis and depth limiting prevent resource-intensive queries
- Rate Limiting: Configurable per-user and per-IP throttling
- Authentication: API key management and JWT token support
- Access Control: Introspection control and persisted query whitelisting
- Threat Detection: DoS/DDoS protection with automatic IP blocking
- Monitoring: Real-time security dashboard and comprehensive audit logging
- Admin UI: User-friendly configuration interface for all security features
Use Cases
- Public GraphQL APIs requiring abuse protection
- Enterprise applications with strict security requirements
- Mobile and SPA backends needing API key authentication
- Multi-tenant applications with fine-grained access control
- High-traffic sites requiring DoS/DDoS mitigation
Requirements
- Drupal 9.5+ or Drupal 10+
- GraphQL module (drupal/graphql)
- PHP 8.0+
Getting Started
1. Install via Composer: composer require drupal/graphql_shield
2. Enable the module: drush en graphql_shield -y
3. Configure at: Configuration > GraphQL > GraphQL Shield
4. Monitor security at: Reports > GraphQL Shield Dashboard
Documentation
Complete documentation including installation guide, configuration examples, and best practices is available in the module's README.md file.
Support
- Issue queue: https://www.drupal.org/project/issues/graphql_shield
- Documentation: Included in module package
License
GPL-2.0-or-later
---
Protect your GraphQL APIs with confidence. 🛡️