A weekly newsletter of the best news, articles and projects about GraphQL


When Client Developers Love GraphQL To Death

This article discusses the importance of cost computation and limiting the size of server responses to prevent memory overload. Scott Malabarba explains how to calculate costs based with a sample schema of a book list app. He provides some solutions, like adding query cost computation and limits in complex data models, to add robustness and flexibility to your GraphQL APIs.


Protecting Your GraphQL API From Security Vulnerabilities

Tom Nagle provides insight into GraphQL security vulnerabilities that are useful to keep in mind when building a large-scale enterprise application or even a simple side project. He breaks down major threats, like brute forcing vulnerable mutations, and offers detailed solutions against various attacks. The article includes sample code as well as helpful tools to prevent your schema from being leaked in public environments.

How to use subscriptions with GraphQL using Apollo iOS SDK and Swift

In this quick tutorial, learn how to set up and use the Apollo iOS SDK library, which supports GraphQL subscriptions. You can generate all the subscriptions using the GraphQLSubscription protocol, passing parameters to the subscription you want to implement. The tutorial teaches how to utilize the GraphQL subscription feature to listen and send real-time messages using WebSockets.

Migrating to GraphQL at Airbnb

This blog discusses how Airbnb successfully migrated their large API to GraphQL, which led to improved page load times and a more intuitive user experience. The blog talks about the stack Airbnb used, how they handled aliasing and adapters to convert a GraphQL response, stage management, and other features in the project. Thomas Betts also explains all the benefits and improvements for Airbnb ever since they switched to GraphQL over REST.

Lessons learned using Single-table design with DynamoDB and GraphQL in production

This article shares some key learnings on utilizing DynamoDB to develop a fully serverless GraphQL API in production. It discusses which query access patterns are important, how to handle proper abstractions and create your own opinionated ORM, and more. Learn the dos and don’ts to prevent your table from consuming too many write capacity units and enable large scalability.


GraphQL performance explained

This blog post does a deep dive into GraphQL performance by examining what GraphQL implementation is doing. The post explains parsing, validation, and execution of a GraphQL query, and how we can reduce performance overhead of the GraphQL API with precompiled queries and mutations. Although applications that use GraphQL can be slightly slower initially, this article provides some tips on how to tweak them to achieve better performance results.


GraphQL Search Indexing

Learn from the Netflix Marketing Tech team about a different approach to searching with GraphQL and how to index data and make it searchable. The team shares how they used the relationships and schemas defined within GraphQL to automatically build and maintain a search database. The blog goes through the challenges of searching decentralized data, keeping everything up to date, periodic indexing, and more.

An Empirical Study of GraphQL Schemas

Check out this brief of the research paper “An Empire Study of GraphQL Schemas” that provides a summary of what GraphQL is, what performance benefits a GraphQL API offers, and what a “typical” GraphQL schema looks like. The research examines the differences between open-source schemas versus commercial schemas, using their findings to discover trends and consistencies in naming conventions, schema designs, and pagination patterns.


Building a Native GraphQL Database: Challenges, Learnings and Future

In this blog, Dgraph focuses on sharing how GraphQL was chosen as the native query language to build their graph database and the common issues their GraphQL engineers face. Manish Rai Jain explains how Dgraph extends the GraphQL syntax so that any part of a query can be collected in a variable. This blog also offers solutions to the N+1 problem and how to avoid latencies/performance concerns.

Scaling GraphQL at PayPal

Learn more about GraphQL best practices based on the observations PayPal has made while building GraphQL APIs. Mark Stuart discusses the adoption, tooling, and the journey from REST to Batch REST to finally GraphQL. With adoption, PayPal faced some challenges with enterprise scaling, handling authentication/authorization, and assembling a cohesive graph. The article provides great insight into how the engineering team at PayPal handled all the nuances the come with implementing GraphQL.

GraphQL CLI is back! Your Swiss Army Knife for the GraphQL ecosystem

After Prisma transferred the GraphQL CLI over to The Guild, they completely rewrote the project and closed over 100 issues. In his blog post about it, Urigo shares the updates made to the GraphQL CLI, its new features, and the variety of tools it integrates with. As the project is in an alpha phase, they also seek feedback from users and tools creators!


Why We Don’t See Many Public GraphQL APIs

Marc-André Giroux describes his experience and learnings from the API Specifications Conference, where he noticed that most GraphQL APIs seem to be either private or partner related. This article breaks down what conventions can lead to good public APIs, which use cases to focus on, and how to secure APIs. He also provides his thoughts on the future of public GraphQL APIs and potential tradeoffs for developers and other companies.

Behind Graphql: A first-principles approach

This article by Bogdan Nedelcu questions the process of adopting GraphQL in replacement of traditional REST APIs. He breaks down the well-known design patterns, like the API Gateway, Integration Database, and Data Federation pattern, while discussing the advantages and limitations that GraphQL inherits from these patterns. The article also provides tips on solution patterns for GraphQL that can be used to help scale and increase development speed.

3 ways of strengthening your GraphQL API

This brief article explores some options to help make collaboration on a GraphQL API a smoother experience. Tomek Poniatowicz uses GraphQL Inspector, a CLI tool, to detect changes and validate documents against schemas to improve development efficiency. He also mentions the GraphQL Editor tool that helps build and manage GraphQL schemas visually, including the different features the tool has. Learn more on how you can improve the structure and development of your GraphQL APIs in this article.


Is GraphQL Still Relevant in an HTTP2 World?

This interesting article by Marc-André Giroux discusses the power of HTTP/3 and how multiplexing changes HTTP APIs. He questions whether the reasons to use GraphQL are still valid, since part of GraphQL’s appeal is that it helps manage HTTP/1 connections better. He also argues for both benefits and downfalls of HTTP/2 and GraphQL, mentioning his thoughts on what the future of APIs might look like.

Why is everyone so emotional about GraphQL?

This blog examines the foundation of GraphQL and the community’s differing responses on the rise of implementation and increasing replacement of REST. Matt McLarty shares some advice to GraphQL advocates, REST experts, and those alike. He proposes that GraphQL and REST should no longer be separated into such distinct dichotomies, but should work together and coevolve to create better, well-designed APIs.


Easily Deploy GraphQL APIs with Serverless Components

A great walkthrough on how to use the brand new Serverless Components to deploy a GraphQL API on AWS in minutes. The step by step tutorial takes you through every step from configuration all the way to consuming your lambda deployed GraphQL API.

Getting Started with GraphQL and React Native

A simple yet insightful tutorial for React Native developers trying to learn GraphQL. Jamie, the author, helps you harness ApolloClient to build a beautiful coffee e-commerce native application. By providing strategies on how to use context for better state management, this articles even touches on some best practices for React Native architecture and data management.


Efficient GraphQL queries in Ruby on Rails & Postgres

This article discusses what N+1 queries are, how they are easily produced in GraphQL, and how to solve them using the graphql-batch gem along with a few custom batch loaders. Leigh Halliday also covers the techniques to optimize GraphQL queries, efficiently handle batch loading, and lazy-load data only when required. To get started, the source code and resources can all be found throughout the article.


How to Add File Upload to Your GraphQL API

This detailed guide explains the recent addition to the GraphQL specification, file upload, and how to upload files directly with GraphQL APIs. John Au-Yeung shares his process on building an image gallery app that accepts file uploads along with text data using Express and an Angular frontend. The sample code throughout the tutorial demonstrates how to define types of data for queries and mutations and how to make the GraphQL request to the API.

A Gentle Introduction To GraphQL With Elixir And Phoenix

This comprehensive tutorial teaches how to build a working GraphQL app using Elixir and Phoenix. The guide starts with setting up a new project, adding the library Absinthe, and creating GraphQL queries. It also explains how to design the data shape as well as writing mutations and resolvers. Learn how to utilize GraphQL’s ability to fetch huge data sets and implement GraphQL APIs in Elixir to build high performance and low maintenance systems.


GraphQL: Overlapping Fields Can Be Merged Fast

In this article, Simon Adameit, an engineer at XING, breaks down the algorithm he developed that significantly improves the runtime performance of the GraphQL validation Field Selection Merging. He showcases the improvements the algorithm provides when there are multiple fragments in the query. He also explains with runtime data how the algorithm works and how to implement it into the mainline.

What The Heck Is GraphQL?

This blog post includes a special podcast with 14 GraphQL experts from the community that offers an introduction to GraphQL and how the query language has evolved and grown in popularity. They discuss React Hooks, when not to use GraphQL, and the differences between GraphQL and REST. The post also provides a list of accessible resources that were mentioned throughout the podcast, like useful guides and playgrounds for learning/using GraphQL.


The Ultimate Guide to handling JWTs on frontend clients (GraphQL)

Learn how to handle authentication with Hasura as they demystify what a JSON Web Token is and discuss the best practices in setting up a GraphQL client to accept a JWT auth token. This article provides great insight on token usage, error handling, refresh tokens, and persistent sessions. References and sample code of an end to end working app with server side rendering capabilities are available at the end of the article.

Adopting GraphQL and Apollo in a Legacy Application

The development teams at Trello share their journey of modernizing their legacy architecture and incrementally adopting GraphQL, Apollo, React, and TypeScript. The blog explains the sizable benefits to adopting a GraphQL schema on the frontend and how to wrap an API with Apollo client. There are examples on translating a GraphQL query into a REST API request as well as writing local resolvers to fetch requested data from your REST API.


Using GraphQL to Improve Data Hydration in our Customer Care Platform and Beyond

The engineers at Uber share how GraphQL has significantly decreased the amount of code engineers have to write to add new features and has helped streamline development. Kunyao Liu describes the nature of using a service-oriented micro service architecture and the need for new data hydration tooling. Read more on Fusion.js and how Uber’s Customer Care Platform frontend connects with their GraphQL server.

Federated GraphQL Server at Scale: Zillow Rental Manager Real-time Chat Application

This blog discusses how Zillow utilized GraphQL to develop a central communication platform that provides in-app chat functionality for both renters and property owners. Akshar Takle breaks down the frontend and backend architecture and explains why a federated schema was the best solution for team independence and reusability.


How we learned to stop worrying and love GraphQL

Read more about why the engineers at Revolut adopted GraphQL and their journey from implementing GraphQL over their REST/RPC endpoints. Andrew Los details the issues GraphQL solves, such as typescript and stale API typings, and the migration from Redux to Apollo for the data layer.

Building Resilient GraphQL APIs Using Idempotency

This blog explains how Shopify built a new Payment Service that utilizes GraphQL and API idemopotency. The blog presents the difficulties with non-resilient payment services that could fail to complete a charge or even double-charge buyers. Todd Jefferson also dives into the team’s thought process on choosing API level idemopotency, the steps on GraphQL implementation, and some drawbacks of API idempotency.


How we manage live 1M GraphQL Websocket Subscriptions

Learn about how the folks at Hexact Inc. have been handling the live 1 million GraphQL web socket subscriptions on Google Cloud Kubernetes. Tigran Bayburtsyan explains how their infrastructure is set up and how they used a custom-built PubSub library. The article also discusses the benefits to using GraphQL subscriptions to provide more interactive UI to users.

Migrating from Redux to GraphQL

Ming Horn from NerdWallet shares some tips and learnings on migrating several screens from Redux to Apollo GraphQL. She takes you through the steps of migration, from writing GraphQL schema and resolvers to making your first query. She mentions the two complex issues she ran into with the schema and Redux store and how she solved the issues with a HOC.

How to Secure a GraphQL API

This in-depth guide details how to implement some of the best practices in securing a GraphQL API from abusive queries by clients. Sample code snippets are provided throughout on how to limit query complexity, automatically persist queries, rate limit based on server time, and more. The guide includes resources to help protect your GraphQL endpoint and apply best practices for authentication and authorization.


Type safety in microservices using GraphQL and TypeScript

This two part series details how to handle type safety in a microservices architecture. The blog discusses the different schema approaches, code-first and schema-first, and how to generate Typescript types from your schema. Part 1 focuses on type safety between the frontend and backend and includes examples using GraphQL Codegen to convert types exposed in a GraphQL schema back into TypeScript types.

Architecting a Roles & Permissions System Using Rails, GraphQL & React

This in-depth tutorial explains how Atrium, a tech-enabled law firm, has designed and built a custom permissions system that allows for more efficient and logical workflows. Sam Henderson adds useful advice and tips on how to establish goals for permission systems, naming conventions, and how to bundle permission sets into roles.