# orm-help
e
Hi everyone. :prisma-green: I am currently looking into the security of my app with Prisma. I am wondering: how do I protect the Prisma Server (not my backend) against unwanted requests? I found documentation on how to protect the management API (with management_api_secret). But I can't find information about how to secure the rest (services/endpoints). Do you guys have information on this?
h
I use passport.js with JWT authentication. You can use JWT auth as an express middleware with graphql-yoga. It should be able to protect the REST and Subscription endpoints for your app.
e
Yes, but this would protect my backend, not the dockerised Prisma Server, right?
h
Yes, to protect that server you need to use a secret token
e
But this only protects the management API. I can still access my services/stages and do queries/mutations.
h
It should protect the entire API
e
I don't know, the documentation seems to say it's only for the management API.
p
Depending on how/where you're running this, you might want to have the Prisma server only available on a private network and then have the GraphQL server in front of it deployed in a way that it can reach Prisma.
šŸ‘ 3
e
That would work indeed, thanks for the advice
The service secret is an authentication token you can use to protect your API.
m
@Errorname: @Henry's answer is spot on 👌
e
@Henry Ooh, thank you, I was looking at the wrong secret token, the one for the management API!
I thought it would be under the Prisma Server part of the documentation.