Hi all! Who here has some experience with high-level authentication for a Yoga Server, and some time to help me out? I'm not talking permissions, as listed in this doc - https://www.prismagraphql.com/docs/tutorials/graphql-server-development/permissions-thohp1zaih, but rather limiting who has access to a Yoga Server at all. Scenario is that right now anyone can hit my endpoint and see the playground, and I'd like to limit who can do that.

Hey Ben, noone should be able to see your Playground in production. This is also how it is setup in the boilerplates (for example this one: https://github.com/graphql-boilerplates/node-graphql-server/tree/master/advanced). If that's not the case, or you want to have a bigger discussion about this, I suggest to open up a new thread here: https://www.graph.cool/forum/c/questions 🙂 Thanks!

@bminch I use the environment variables set by my local dev and ci to enable/disable the routes

^ important to note that I deployed our Yoga Server using Heroku (we were having issues with Now), and that is the app that I want to restrict. My Prisma Cloud Service is working just fine and requires a token 🙂. Perhaps this is more of a Heroku question than a Yoga Server question.