A weekly newsletter of the best news, articles and projects about GraphQL


Rate Limiting GraphQL APIs by Calculating Query Complexity

GraphQL opens new possibilities for rate limiting APIs. In this article, Guilherme Vieira shows how we can leverage GraphQL to address limitations of methods commonly used in REST APIs. He also explores how Shopify calculates query complexity that adapts to the data API clients need while providing a more predictable load on servers. Follow along with Guilherme to find out more about query complexity in GraphQL.

The Spec, Simplified: Validation & Execution

The Spec, Simplified is a series by Loren Sands-Ramshaw that explores the GraphQL spec in depth. In this last installment, Loren shows how GraphQL servers validate and execute requests, and how they format the response data and errors.

Designing a URL-based query syntax for GraphQL

Caching in GraphQL can be difficult. Currently, if we want to use HTTP caching in GraphQL, we must use a GraphQL server that supports persisted queries. That’s because the persisted query will already have the GraphQL query stored in the server. As such, we do not need to provide this information in our request. In this article, Leonardo Losoviz looks at how a URL-based query syntax plays into caching.

The joy of end to end type safety

In building large-scale TypeScript applications, we have seen the benefits of types. They elevate our quality, eliminating whole categories of bugs, and they enrich the development experience. In this tutorial, Craig Sullivan shows how to accomplish end-to-end type safety using GraphQL.


From Schema Stitching to Federation: Expedia’s Journey

Join Shane Myrick, Senior Software Developer at Expedia Group, as he shares how Expedia scaled their graph across multiple teams, lines of business, brands, and platforms. See what considerations drove them to evolve from code-based schema stitching to the declarative approach of Apollo Federation.

Tools & Open Source

Damn Vulnerable GraphQL Application

Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities. DVGA has numerous flaws, such as Injections, Code Executions, Bypasses, Denial of Service, and more. Check out the article and repo to learn more about how to improve your GraphQL security posture.