conradwt
What's the recommended approach for securing GraphQL APIs?
Hi, I’m building an application that will have support for both the web and mobile. At this time, I’m using PhxGenAuth for authentication on the web. However, it appears that there’s no out-of-the-box support for API authentication.
Thus, I was wondering, what’s the recommended approach for securing GraphQL APIs these days? From the book “Craft GraphQL APIs in Elixir with Absinthe”, it appears that JWTs is a good solution to go with for now.
Finally, are there any recommended Hex authentication packages that support both session and API authentication?
Most Liked
OvermindDL1
A header token or a token passed in the message directly are the two ways I most often see.
Popular Backend topics
Other popular topics
Sponsor Spotlight
We build trusted fault-tolerant systems that scale to billions of users.
Latest in Phoenix
Backend>Questions
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /wasm
- /ruby
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /onivim
- /typescript
- /svelte
- /crystal
- /kotlin
- /c-plus-plus
- /tailwind
- /gleam
- /react
- /ocaml
- /elm
- /flutter
- /vscode
- /ash
- /html
- /opensuse
- /centos
- /php
- /deepseek
- /zig
- /scala
- /lisp
- /textmate
- /sublime-text
- /nixos
- /debian
- /react-native
- /agda
- /kubuntu
- /arch-linux
- /ubuntu
- /revery
- /django
- /manjaro
- /spring
- /nodejs
- /diversity
- /lua
- /julia
- /slackware
- /c
- /markdown
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that move you from confusion to "Aha, now I get it!"