Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

graphql_shield

Security covered
View on drupal.org

Overview

GraphQL Shield provides comprehensive security protection for your Drupal GraphQL endpoints. This module implements industry-standard security practices to protect your API from abuse, attacks, and unauthorized access.

Key Features

- Query Protection: Complexity analysis and depth limiting prevent resource-intensive queries
- Rate Limiting: Configurable per-user and per-IP throttling
- Authentication: API key management and JWT token support
- Access Control: Introspection control and persisted query whitelisting
- Threat Detection: DoS/DDoS protection with automatic IP blocking
- Monitoring: Real-time security dashboard and comprehensive audit logging
- Admin UI: User-friendly configuration interface for all security features

Use Cases

- Public GraphQL APIs requiring abuse protection
- Enterprise applications with strict security requirements
- Mobile and SPA backends needing API key authentication
- Multi-tenant applications with fine-grained access control
- High-traffic sites requiring DoS/DDoS mitigation

Requirements

- Drupal 9.5+ or Drupal 10+
- GraphQL module (drupal/graphql)
- PHP 8.0+

Getting Started

1. Install via Composer: composer require drupal/graphql_shield
2. Enable the module: drush en graphql_shield -y
3. Configure at: Configuration > GraphQL > GraphQL Shield
4. Monitor security at: Reports > GraphQL Shield Dashboard

Documentation

Complete documentation including installation guide, configuration examples, and best practices is available in the module's README.md file.

Support

- Issue queue: https://www.drupal.org/project/issues/graphql_shield
- Documentation: Included in module package

License

GPL-2.0-or-later
---


Protect your GraphQL APIs with confidence. 🛡️

Activity

Total releases
1
First release
Nov 2025
Latest release
5 months ago
Release cadence
Stability
100% stable

Releases

Version Type Release date
1.0.0 Stable Nov 3, 2025