This is excellent! A thorough walkthrough with clear explanations. Thanks, Jeff! 🙌
Thanks, Kellen! Gotta love the browser-based tools
Thank you. Why did the single post 'Postpage.js' get an 'id: props.match.params.slug' error? Any idea?
Can I get the HTML code generated by WordPress in the GraphQL schema?
Yeah, it should be the content property on the post or page object - JE
How secure is this?
That is a great question. Thanks for asking! Since WPGraphQL is a WordPress plugin, it adheres to roughly the same security practices as the REST API for reading/writing data, meaning most data can be read without authentication while a user will need to authenticate (prove who they are) and be authorized (have the WP capabilities with their role) to write any data. From there, you can also require auth on the WPGraphQL endpoint for all connections, and there are multiple strategies that would allow you to provide credentials to your server so that only your front end could hit the /graphql endpoint. Let us know if you have other questions or something specific about security in mind.