Metadata API Reference: Network Options (v2.0 and above)
Introduction
Here's the API to modify any Network
metadata. One of the options is
to manage a TLS allowlist
.
TLS Allowlist
The TLS Allowlist represents a set of services that are permitted to use
self-signed certificates - primarily intended for use in development and
staging environments, services can be whitelisted by a host
, and
optionally (service id) port
.
add_host_to_tls_allowlist
add_host_to_tls_allowlist
is used to add any string
This API could be supplied with just the hostname in the args
field of
the request instead of the complete object.
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "add_host_to_tls_allowlist",
"args": {
"host": "graphql.hasura.io",
"suffix": "core.graphql",
"permissions": ["self-signed"]
}
}
Args syntax
Key | Required | Schema | Description |
---|---|---|---|
host | true | String | the hostname/domain of the endpoint |
suffix | false | String | suffix for the service (this is usually reserved for the service port number) |
permissions | false | [String] | Can be only ["self-signed"] until more permissions are supported. "self-signed" allows self-signed, name mismatches, and non-X509.V3 certificates. |
drop_host_from_tls_allowlist
drop_host_from_tls_allowlist
is used to drop an endpoint from the TLS allowlist.
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "drop_host_from_tls_allowlist",
"args": {
"host": "graphql.hasura.io"
}
}
Args syntax
Key | Required | Schema | Description |
---|---|---|---|
host | true | String | The hostname/domain of the endpoint that was previously added to the allowlist |