Authentication
Last updated
Was this helpful?
Last updated
Was this helpful?
To authenticate requests sent by Hasura Event Triggers, an API key is used that we generate. This key is available to the Moped API (Flask app) and the Hasura GraphQL Engine ECS Task Definition.
MOPED_API_HASURA_APIKEY
is set in the environment variables of the Moped API (Flask app)
The Moped API /event/
route code gets the MOPED_API_HASURA_APIKEY
and compares it to MOPED_API_APIKEY
which is retrieved from the request header from the request sent from the Hasura Event Trigger
See
If these keys do not match, the request is rejected and a 403 response is sent
The API key is set in the ECS Task Definition of the Moped Hasura GraphQL Engine
If you look at the ECS Task Definition JSON tab, you will find a secrets key with values that are
These secrets are injected from entries in AWS Systems Manager Parameter Store
Hasura sends the API key in Event Trigger request headers