Metadata API Reference: Network Options (v2.0 and above)

Introduction

Here’s the API to modify any Network metadata. One of the options is to manage a TLS allowlist.

TLS Allowlist

The TLS Allowlist represents a set of services that are permitted to use self-signed certificates - primarily intended for use in development and staging environments, services can be whitelisted by a host, and optionally (service id) port.

add_host_to_tls_allowlist

add_host_to_tls_allowlist is used to add any string

This API could be supplied with just the hostname in the args field of the request instead of the complete object.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "add_host_to_tls_allowlist",
    "args": {
        "host": "graphql.hasura.io",
        "suffix": "core.graphql",
        "permissions": ["self-signed"]
    }
}
Key Required Schema Description
host true String the hostname/domain of the endpoint
suffix false String suffix for the service (this is usually reserved for the service port number)
permissions false [String] Can be only ["self-signed"] until more permissions are supported. “self-signed” allows self-signed, name mismatches, and non-X509.V3 certificates.

drop_host_from_tls_allowlist

drop_host_from_tls_allowlist is used to drop an endpoint from the TLS allowlist.

POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type": "drop_host_from_tls_allowlist",
    "args": {
        "host": "graphql.hasura.io"
    }
}
Key Required Schema Description
host true String The hostname/domain of the endpoint that was previously added to the allowlist