A helpful security-focused tutorial, the piece offers several examples of how developers can lock down their GraphQL applications against potential intruders. The article covers Access Control, Anti-Automation, Server-Side Validation Checks, and Verbose Error Messaging and provides readers with some great early steps to begin to lock down their app.
A dense article, this piece shares a variety of caching strategies in React Apollo GraphQL Client. While offering a swathe of options, the tutorial is also diligent about linking out to articles that dive deeper, helping anyone investigate any specific approach further.
For users and fans of Postman, this article does exactly what it says on the tin. 🥫
At API Days in Paris, Ozair Sheikh, Director of Product Management from IBM, gave a unique talk on GraphQL specifically focussed on the managing and securing the API. After giving an introduction to GraphQL and the evolution of the API standards, he emphasises the processing power it takes to complete some GraphQL queries, especially as GraphQL queries (unlike REST) may invoke multiple backends. The talk then covers some security features that can be put in place to prevent GraphQL queries used maliciously and how the features of GraphQL itself can lend themselves to creating specific services for developers seeking to use a company's API. An interesting talk for GraphQL Aficionados and API Product Managers.
Ben Awad has published a new 11 part series on using TypeGraphQL, which allows you to create GraphQL schema and resolvers with TypeScript. The series goes from setting up a TypeGraphQL server all the way through middleware and features like login, logout, retrieve their lost password. Hot off the press, (the last video was published on Thursday), the series is now available in full on youtube.
Tools & Open Source
A handy open source tool for easier formatting of GraphQL APIs on the command line, the GraphQL CLI allows users to build a query on the command line using flags. Open for contributions, the tool's main use is to help with with experimentation, scripting, and debugging. Check out the Github Readme for more details and how to contribute.