Third-Party API

This page is a draft.

Use this guide when your Fusion gateway is exposed to external or third-party clients that can send arbitrary queries.

Planned topics:

  • Threat model and API posture for public GraphQL endpoints.
  • Cache strategy for public traffic.
  • Complexity and abuse protections.
  • Authentication and authorization patterns.
  • Operational guidance and rollout checklist.
Edit this page on GitHub
Last updated on by Tobias Tengler