Securing Apollo Federation Subgraphs: Context and Best Practices

Blog post from Apollo

Post Details
Author: David Walter
Word Count: 751
Language: English
Summary

Securing Apollo Federation subgraphs is critical to maintaining a robust security framework as AI tools increasingly expose vulnerabilities in publicly accessible services. The architectural design of Apollo Federation dictates that subgraphs remain internal services accessed only through a central router, which serves as the core point for security enforcement by providing access control, demand management, and operation safelisting. This internal-only access is crucial to prevent bypassing security measures and exposing sensitive coordination mechanisms. Key security practices include keeping subgraphs inaccessible from the public internet, disabling introspection in production, and implementing authentication and authorization at the router level. Additional measures such as data validation, pagination, setting operation limits, and monitoring through observability tools are recommended to safeguard the infrastructure. The overarching principle is that subgraphs must only be accessed via the router to enable centralized governance and protect against potential API sprawl and exploitation.