4

I want to use Hasura only as a Data Access Layer behind a NestJs GraphQL server and keep all the benefit of Hasura especially the real time feature with subscriptions.

The idea is to build a more customised API and handle all the business logic before interacting with Hasura.

By doing this, do I have to handle security access myself on Nestjs layer since I have to connect to Hasura server with x-hasura-admin-secret from Nestjs server? Do you think it is a good approach to use Hasura ?

Is there any other alternatives that use Hasura as a data access layer in a scalable architecture?

Thanks

a__t
  • 41
  • 1
  • 1
  • 1
    FWIW, Prisma has a lot of the same features as Hasura, including subscription support and I think it may be a [better fit for this sort of architecture](https://docs.nestjs.com/recipes/prisma). – Daniel Rearden Oct 03 '19 at 16:30

1 Answers1

0

Of course you are responsible of the security of the NestJS layer, but I guess you mean authentication. If that's true, then it all depends on what authentication you are planning on using.

If you wish to implement the authentication either using JWT or Webhooks (see this article for explanations), I would suggest letting Hasura take care of it, and your additional layer in this case will just forward the requests to Hasura without needing to to provide the X-Hasura-Admin-Secret.

From what I can tell, people are adding a "Hasura layer" to their already existing, or public, GraphQL APIs using their Remote Schemas feature to accomplish Schema Stitching.

Can we know more of why you wish to add the layer? I am pretty sure Hasura offers way of defining custom queries and aggregate queries and from my experience provides ample queries/mutations. Plus it offers other features that you will probably find interesting (subscriptions, events...)

Anas Tiour
  • 1,344
  • 3
  • 17
  • 33