Third-Party API
Draft guide for operating a Fusion gateway as a third-party GraphQL API, including open-client concerns, caching strategy, and safety controls.
This page is a draft.
Use this guide when your Fusion gateway is exposed to external or third-party clients that can send arbitrary queries.
Planned topics:
- Threat model and API posture for public GraphQL endpoints.
- Cache strategy for public traffic.
- Complexity and abuse protections.
- Authentication and authorization patterns.
- Operational guidance and rollout checklist.
Last updated on April 13, 2026 by Michael Staib