apoc.load

Security: Protecting against SSRF

These procedures can fetch data from external URLs and are susceptible to Server-Side Request Forgery (SSRF). To mitigate this:

  • Neo4j Enterprise Edition: Use Load Privileges with CIDR restrictions. Note: For admin users, you must also apply DENY EXECUTE BOOSTED PROCEDURE apoc.* ON DBMS TO PUBLIC to prevent boosted privileges from bypassing these restrictions.

  • Neo4j Community Edition: Configure the internal.dbms.cypher_ip_blocklist setting.

For detailed mitigation strategies, including examples on how to configure the internal.dbms.cypher_ip_blocklist setting, see the Knowledge Base article: Protecting against SSRF.
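A pre-deployment check for the blocklist value, added here as an example and not taken from the Neo4j documentation or code. It assumes the setting takes a comma-separated list of CIDR ranges; the baseline ranges, `SAMPLE`, and the function names are constructed for this example. It reports which reserved ranges a proposed value leaves reachable, including the case where an entry is narrower than the range it is meant to cover.

```python
import ipaddress

# Audit baseline chosen for this example: standard reserved ranges.
# Adjust to the networks your Neo4j server can actually reach.
SENSITIVE = {
    "IPv4 loopback": "127.0.0.0/8",
    "IPv4 link-local (cloud metadata)": "169.254.0.0/16",
    "RFC 1918 10/8": "10.0.0.0/8",
    "RFC 1918 172.16/12": "172.16.0.0/12",
    "RFC 1918 192.168/16": "192.168.0.0/16",
    "IPv6 loopback": "::1/128",
    "IPv6 unique local": "fc00::/7",
    "IPv6 link-local": "fe80::/10",
}

# Constructed sample value, not a recommended or official blocklist.
SAMPLE = "127.0.0.0/8,10.0.0.0/9,10.128.0.0/9,172.16.0.0/12,192.168.0.0/24,::1/128"


def parse_blocklist(value):
    """Parse a comma-separated CIDR list; a malformed entry raises ValueError."""
    return [ipaddress.ip_network(item.strip())
            for item in value.split(",") if item.strip()]


def uncovered(value):
    """Return the names of baseline ranges the blocklist does not fully cover."""
    nets = parse_blocklist(value)
    merged = []
    for version in (4, 6):
        # Merge adjacent entries first, so two /9 blocks count as one /8.
        merged += ipaddress.collapse_addresses(
            [n for n in nets if n.version == version])
    missing = []
    for name, cidr in SENSITIVE.items():
        target = ipaddress.ip_network(cidr)
        # A range is covered only if it lies entirely inside one merged entry.
        if not any(m.version == target.version and target.subnet_of(m)
                   for m in merged):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in uncovered(SAMPLE):
        print("not covered:", name)
```

In the sample, `192.168.0.0/24` is reported as a gap because it covers only part of `192.168.0.0/16`, while the two `/9` entries together satisfy the `10.0.0.0/8` check.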

| Qualified Name | Type |
| --- | --- |
| apoc.load.arrow(file STRING, config MAP<STRING, ANY>) - imports NODE and RELATIONSHIP values from the provided arrow file. | Procedure; Deprecated in Cypher 5; Removed in Cypher 25 |
| apoc.load.arrow.stream(source LIST<INTEGER>, config MAP<STRING, ANY>) - imports NODE and RELATIONSHIP values from the provided arrow byte array. | Procedure; Deprecated in Cypher 5; Removed in Cypher 25 |
| apoc.load.json(urlOrKeyOrBinary ANY, path STRING, config MAP<STRING, ANY>) - imports JSON file as a stream of values if the given JSON file is a LIST<ANY>. If the given JSON file is a MAP, this procedure imports a single value instead. | Procedure |
| apoc.load.jsonArray(url STRING, path STRING, config MAP<STRING, ANY>) - loads array from a JSON URL (e.g. web-API) to then import the given JSON file as a stream of values. | Procedure |
| apoc.load.jsonParams(urlOrKeyOrBinary ANY, headers MAP<STRING, ANY>, payload STRING, path STRING, config MAP<STRING, ANY>) - Loads a JSON document from a URL (e.g. web-API) as a stream of values if the given JSON document is a LIST<ANY>. If the given JSON file is a MAP, this procedure imports a single value instead. | Procedure; Deprecated in Cypher 5; Removed in Cypher 25 |
| apoc.load.xml(urlOrBinary ANY, path STRING, config MAP<STRING, ANY>, simple BOOLEAN) - loads a single nested MAP from an XML URL (e.g. web-API). | Procedure |