A weekly newsletter of the best news, articles and projects about GraphQL


Securing Your GraphQL API from Malicious Queries

If not properly secured, it's easy for attackers to overload and potentially take down GraphQL APIs, e.g. by sending deeply nested queries. In this article, Max Stoiber shares the approach they used at Spectrum to protect their GraphQL API from malicious requests.

Exploring different GraphQL Clients

For the longest time, Apollo and Relay have been the dominant GraphQL clients. Over the last couple of months, multiple other projects have emerged, such as graphql-request or urql. Read this excellent article by Abhi Ayer to get an overview of the current GraphQL client landscape.


How to wrap a REST API with GraphQL

Wrapping REST APIs is one of the most exciting applications of GraphQL! This tutorial describes how you can turn a REST API into a GraphQL API in 3 simple steps.
If you want to learn more about this topic, be sure to also watch Jon Wong's talk from the last GraphQL SF Meetup: Wrapping REST with GraphQL.

Tools & Open Source


Another approach to implementing permissions in your GraphQL server is to use custom directives right inside your GraphQL schema definition. Check out this example by Dennis Walsh to learn more.


Matic Zavadlal has created a nice little library to secure GraphQL servers: "GraphQL Shield helps you create a permission layer for your application. The idea behind it is to separate the permission logic from your application logic. This way you can make sure no request will ever be resolved if it wasn't meant to be."