Support for GraphQL is available in private beta for select customers. To gain access to the beta, email us at email@example.com.
To add the GraphQL API Server Data Store to Satori perform the following steps:
Adding a GraphQL API Server Data Store to Satori
- First, login to the Satori management consolehere.
- Go to the Data Stores view and click the plus button to add a new data store.
- Select the API Server option.
- Provide an informative name for the data store, for example: Prod API Server.
- Select the appropriate cloud provider and region for the Satori Data Access Controller.
- Click Create.
- You will be redirected to the Data Stores list.
- Consult with your Satori technical representative regarding additional properties such as reverse proxy mode, authentication URL and more.
Data Classification and Data Filtering on GraphQL API Server data stores are not supported.
Connecting to GraphQL APIs via Satori
Satori Data Access Controller supports two connection modes for GraphQL APIs.
Forward Proxy Mode
When in Forward Proxy mode, Satori generates a new hostname for your API server, for example:
abc123.us-east1.g.p0.satoricyber.net. Clients using the API must change their calls to the new hostname. No further action is required on the backend to support this forward proxy mode.
Reverse Proxy Mode
In Reverse Proxy mode, clients do not need to change their call to a new hostname. The existing hostname is configured with a CNAME record to point to the Satori generated hostname. For example:
api.acme.com CNAME abc123.us-east1.g.p0.satoricyber.net
To enable revere proxy mode, Satori needs to supply clients with a TLS certifiate that matches
api.acme.com. Satori supports several integration options for customer-provided TLS certificates, contact firstname.lastname@example.org for more details.
Network Policy Settings
Satori provides you with the ability to define your network security policy for your data store.
Simply, specify which IP addresses and subnet masks should be allowed access to the Data Store and which IP addresses and subnet masks should be blocked. Note: Satori allows all IP address ranges if you leave the form empty by default.
To allow all IP addresses - Leave the form blank.
To block specific IP addresses - Add them to the blocked IP address list.
To only allow access to specific IP addresses - Add them to the allow list. Note: Access from all other IP addresses will be blocked.
To allow access from a specific IP address range while blocking parts of the range - Add the IP range to the list of allowed IP addresses and add the IP address that you wish to block to the Block list.