Skip to content
GraphWarden
Features Use Cases Pricing Compare
Docs Compliance Trust API Explorer Blog
Resources
Docs Compliance Trust API Explorer Blog
EN FR
Request Demo

Get started

  • What GraphWarden does and when to use it
  • Deploy GraphWarden and make your first proxied Graph call

Concepts

  • App identities: proxy credentials vs. real Graph credentials
  • How requests flow through GraphWarden
  • Deployment modes: hosted, on-premise, and hybrid
  • Rulesets and rules: the GraphWarden data model
  • Trust model: zero-knowledge credentials and what GraphWarden does not see

Developer integration

  • Overview
  • Integrate GraphWarden with a .NET application
  • Integrate GraphWarden with a Go application
  • Route an existing app through GraphWarden
  • Integrate GraphWarden with a Node.js application
  • Integrate GraphWarden with a PHP or Laravel application
  • Integrate GraphWarden with a Python application

PowerShell

  • Overview
  • PowerShell cookbook: common M365 admin tasks through GraphWarden
  • Route Exchange Online PowerShell through GraphWarden
  • Route legacy AzureAD and MSOnline PowerShell modules through GraphWarden
  • Manage Microsoft 365 with the Microsoft.Graph PowerShell module through GraphWarden
  • Route a PowerShell script through GraphWarden

CI/CD

  • Overview
  • Run GraphWarden proxy deployments from Azure DevOps Pipelines
  • Run GraphWarden proxy deployments from GitHub Actions
  • Manage GraphWarden secrets across environments
  • Provision GraphWarden infrastructure with Terraform

ISV

  • Overview
  • GraphWarden-compatible partners
  • Add GraphWarden compatibility to your product
  • GraphWarden compatibility statement (template)
  • Why your product should support GraphWarden
  • Graph subscriptions, webhooks, and callbacks with GraphWarden

API reference

  • Overview
  • Agent API: HMAC-authenticated endpoints between the proxy and the control plane
  • Condition types: all 11 matchers used in GraphWarden rulesets
  • GraphWarden proxy environment variables
  • Rule schema: the GraphWarden ruleset YAML format
  • Transform types: all 9 transformations used in GraphWarden rulesets

Deployment

  • Overview
  • Deploy the GraphWarden proxy to Azure Container Apps
  • Deploy the GraphWarden proxy with Docker
  • Network and firewall requirements for the GraphWarden proxy
  • Install the GraphWarden proxy as a Windows Service
  • Sizing the GraphWarden proxy for your request volume

AI agents

  • Overview
  • AI-native documentation for GraphWarden
  • Prompts for common GraphWarden integration tasks
  1. Home
  2. /
  3. Docs
  4. /
  5. API reference

API reference

Canonical specifications for the GraphWarden proxy, rulesets, and agent API.

Environment variables

Every environment variable the GraphWarden proxy reads at startup — required flag, default, and purpose.

Supported

Agent API

Planned for Phase 2.

Planned

Rule schema

Planned for Phase 2.

Planned

Condition types

Planned for Phase 6.

Planned

Transform types

Planned for Phase 6.

Planned

Last reviewed: April 19, 2026

GraphWarden

Zero-trust security layer for Microsoft Graph API.

Product

  • Features
  • Use Cases
  • Pricing
  • Trust

Company

  • About
  • Blog
  • Contact
  • Roadmap
  • Press & Media

Get in Touch

  • Contact us
  • Montreal, Canada

© 2026 GraphWarden. All rights reserved.

Privacy Policy Terms of Service