A weekly newsletter of the best news, articles and projects about GraphQL


Protecting Your GraphQL API From Security Vulnerabilities

Tom Nagle provides insight into GraphQL security vulnerabilities that are useful to keep in mind when building a large-scale enterprise application or even a simple side project. He breaks down major threats, like brute forcing vulnerable mutations, and offers detailed solutions against various attacks. The article includes sample code as well as helpful tools to prevent your schema from being leaked in public environments.

How to use subscriptions with GraphQL using Apollo iOS SDK and Swift

In this quick tutorial, learn how to set up and use the Apollo iOS SDK library, which supports GraphQL subscriptions. You can generate all the subscriptions using the GraphQLSubscription protocol, passing parameters to the subscription you want to implement. The tutorial teaches how to utilize the GraphQL subscription feature to listen and send real-time messages using WebSockets.

Migrating to GraphQL at Airbnb

This blog discusses how Airbnb successfully migrated their large API to GraphQL, which led to improved page load times and a more intuitive user experience. The blog talks about the stack Airbnb used, how they handled aliasing and adapters to convert a GraphQL response, stage management, and other features in the project. Thomas Betts also explains all the benefits and improvements for Airbnb ever since they switched to GraphQL over REST.

Lessons learned using Single-table design with DynamoDB and GraphQL in production

This article shares some key learnings on utilizing DynamoDB to develop a fully serverless GraphQL API in production. It discusses which query access patterns are important, how to handle proper abstractions and create your own opinionated ORM, and more. Learn the dos and don’ts to prevent your table from consuming too many write capacity units and enable large scalability.


Rock solid GraphQL APIs by Charles Lee - GraphQL SF

In Charles Lee’s talk, he presents on how Shopify has been updating and deprecating one of their most used GraphQL APIs, with the help of permissions, visibility markers, and versioning. He explores the setup of their GraphQL API and explains why Shopify has versioned schemas, which helps local development provide checks to ensure version constraints.