8. Rules of authorization

Authorization is one of the harder problems in GraphQL. There are two main approaches to it:

  1. Authorization below the GraphQL Layer in the Business Logic / Services.
  2. Authorization in/above the GraphQL Layer as an API Gateway approach.

This section provides suggestions on how to implement authorization in your GraphQL API.
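
The two placements listed above, sketched as an added example (not code from the original page): plain JavaScript resolvers in the usual `(parent, args, context, info)` shape, with no GraphQL library. `postService`, `requireRole`, `tryResolve` and the sample posts are hypothetical names and constructed data.

```javascript
// Added example; every name and value here is constructed for illustration.
const POSTS = [
  { id: "1", authorId: "alice", title: "Public roadmap", draft: false },
  { id: "2", authorId: "alice", title: "Unreleased pricing", draft: true },
];
class ForbiddenError extends Error {}
const canSee = (viewer, post) => !post.draft || viewer?.id === post.authorId;

// Approach 1: rule in the business logic; every graph path to a post shares it.
const postService = {
  getPost(viewer, id) {
    const post = POSTS.find((p) => p.id === id);
    if (post && !canSee(viewer, post)) {
      throw new ForbiddenError("draft is visible to its author only");
    }
    return post || null;
  },
  listByAuthor(viewer, authorId) {
    return POSTS.filter((p) => p.authorId === authorId && canSee(viewer, p));
  },
};

// Approach 2: rule in/above the GraphQL layer, as a guard wrapped around one field.
const requireRole = (role, resolve) => (parent, args, ctx, info) => {
  if (!ctx.viewer || !ctx.viewer.roles.includes(role)) {
    throw new ForbiddenError(`requires role ${role}`);
  }
  return resolve(parent, args, ctx, info);
};

const resolvers = {
  Query: {
    post: (_parent, { id }, ctx) => postService.getPost(ctx.viewer, id),
    auditLog: requireRole("admin", () => ["constructed audit entry"]),
  },
  User: {
    posts: (user, _args, ctx) => postService.listByAuthor(ctx.viewer, user.id),
  },
};

// Runs one resolver and reports whether authorization allowed it.
function tryResolve(resolve, parent, args, viewer) {
  try {
    return { allowed: true, value: resolve(parent, args, { viewer }, {}) };
  } catch (err) {
    if (!(err instanceof ForbiddenError)) throw err;
    return { allowed: false, value: null };
  }
}
```

The draft post is reachable through both `Query.post` and `User.posts`; the service-layer rule covers both paths, while the `requireRole` guard protects only the field it wraps.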