Skip to content

GraphQL

Screenshot

Support for GraphQL is available in private beta for select customers. To gain access to the beta, email us at support@satoricyber.com.

To add the GraphQL API Server Data Store to Satori perform the following steps:

Adding a GraphQL API Server Data Store to Satori

  1. First, login to the Satori management consolehere.
  2. In the Data Stores view, click the plus button to add a new data store.
  3. Select the API Server option.
  4. Provide an informative name for the data store, for example: Prod API Server.
  5. Select the appropriate cloud provider and region for the Satori Data Access Controller.
  6. Click Create.
  7. Finally, you will be redirected to the Data Stores list view.
  8. Consult with your Satori technical representative regarding additional properties such as reverse proxy mode, authentication URL and more.

Known Limitations

Data Classification and Data Filtering on GraphQL API Server data stores are not supported.

Connecting to GraphQL APIs via Satori

Satori Data Access Controller supports two connection modes for GraphQL APIs.

Forward Proxy Mode

When in Forward Proxy mode, Satori generates a new hostname for your API server, for example: abc123.us-east1.g.p0.satoricyber.net. Clients using the API must change their calls to the new hostname. No further action is required on the backend to support this forward proxy mode.

Reverse Proxy Mode

In Reverse Proxy mode, clients do not need to change their call to a new hostname. The existing hostname is configured with a CNAME record to point to the Satori generated hostname. For example:

api.acme.com CNAME abc123.us-east1.g.p0.satoricyber.net

To enable revere proxy mode, Satori needs to supply clients with a TLS certificate that matches api.acme.com. Satori supports several integration options for customer-provided TLS certificates, contact support@satoricyber.com for more details.

Network Policy Settings

Satori provides you with the ability to define your network security policy for your data store.

Screenshot

Simply, specify which IP addresses and subnet masks should be allowed access to the Data Store and which IP addresses and subnet masks should be blocked. Note: Satori allows all IP address ranges if you leave the form empty by default.

Example 1

To allow all IP addresses - Leave the form blank. Screenshot

Example 2

To block specific IP addresses - Add them to the blocked IP address list. Screenshot

Example 3

To only allow access to specific IP addresses - Add them to the allow list. Note: Access from all other IP addresses will be blocked. Screenshot

Example 4

To allow access from a specific IP address range while blocking parts of the range - Add the IP range to the list of allowed IP addresses and add the IP address that you wish to block to the Block list. Screenshot