A weekly newsletter of the best news, articles and projects about GraphQL


Exploring promising new feature proposals for the GraphQL Spec

The GraphQL specification is an ongoing work in progress. It is fueled by a vibrant community of awesome individuals, who regularly assess new potential features and guidelines to improve the spec. In this article, Leonardo Losoviz picks five proposed feature requests from the GraphQL Spec GitHub repo, and demonstrates how these could be used to drive the spec forward.

Introduction to the Node.js reference architecture, Part 4: GraphQL in Node.js

The Node.js reference architecture is a collection of documents from Red Hat and IBM, that aims to provide some guidance on developing Node.js applications. In part four of this series, Wojciech Trocki steps through some of the discussions the team had about implementing a GraphQL server - accompanied by comical illustrations.

Introducing Apollo Server 3

Apollo Server is one of the easiest ways to create a GraphQL API. Join Vivek Ravishankar, as he steps through some of the "under the hood" improvements the team have been working on, that will improve Apollo's ability to build better, more extensible features over time.

Introducing Envelop - The GraphQL Plugin System

Envelop is The Guild's new plugin system for GraphQL. In this article, Dotan Simha steps through why GraphQL needs a plugin system, and how Envelop solves this problem.


Analyzing public data from Google Trends, StackOverflow, GitHub and HackerNews

Is the GraphQL hype over? In this article, WunderGraph uses BigQuery to compare datasets from Google Trends, HackerNews, GitHub and StackOverflow, in an attempt to determine whether interest in GraphQL is in decline.

Using GraphQL to ship features before they’re done

GraphQL represents a fundamental shift in how developers build features. In this article, Joe Staller hypothesizes how a decoupled schema can provide the kind of flexibility that enables a zero-downtime migration - allowing partially-complete features to be shipped.

Securing a GraphQL API using rate and depth limits

GraphQL makes writing queries across related datasets super convenient. Unfortunately, this can lead to computationally expensive queries that slow down the server. In this article, Kumar Abhirup looks at how implementing rate and depth limiting can help to reduce the complexity of queries - significantly improving the performance of a GraphQL server, and reducing the impact of malicious attacks.

Modeling an Instagram clone using GraphQL and Dgraph Cloud

GraphQL helps to encapsulate the interconnected relationship between entities in an application. In this article, Abu Sakib steps through modeling the schema for an Instagram clone, and how this could be implemented using Dgraphql Cloud.

Why you can't replace REST with GraphQL

Is GraphQL actually a replacement for REST? In this article, Suhas Deshpande explains how Courier are using a combination of both to serve their customers, and why it might not be as simple as implementing one option or the other.


The Do's and Don’ts of Testing Apollo in React

Writing tests is essential for any application that aims to be scalable, robust and allow its developers to sleep at night. In this article, Adam Hannigan explains how React Testing Library can be used to test a GraphQL API, and help improve the confidence and quality of releases.

On scaling graphql subscriptions

GraphQL is a superb technology. But as with all technologies, you may end up shooting yourself in the foot. In this article Alexandre Gaudencio explains how Slite designed their first real-time GraphQL implementation, how it ended up DDOS-ing their system, and how they fixed it.


Build a serverless, real-time application with modern APIs: The GraphQL Real-time Race

AWS has some powerful tools for building real-time applications. In this tutorial, Mark Ramrattan documents his experience completing the AWS GraphQL Real-time Race Workshop, and steps through how to use AWS AppSync, AWS Amplify, Amazon Location Service to build a real-time Formula 1 tracking application.

GraphQL Exploitation - Part 3- Injection attacks and XSS attacks

Like any API technology, GraphQL is vulnerable to malicious attacks, and needs to be configured correctly to avoid being compromised. In this article, Manmeet explores how a default GraphQL configuration could be vulnerable to injection attacks and cross-site scripting (XSS).

Collecting GraphQL Live Query Resource Identifier with GraphQL Tools

GraphQL live queries can be a more elegant solution for handling real-time updates than subscriptions. In this article, Laurin Quast investigates whether subscribing to changes in data, rather than events, could allow for more efficient queries and reduce unnecessary updates to the client's cache.


Rate Limiting GraphQL APIs by Calculating Query Complexity

GraphQL opens new possibilities for rate limiting APIs In this article, Guilherme Vieira shows how we can leverage GraphQL to address limitations of methods commonly used in REST APIs. He also explores how Shopify calculates query complexity that adapts to the data API clients need while providing a more predictable load on servers. Follow along with Guilherme to find out more about query complexity in GraphQL.

The Spec, Simplified: Validation & Execution

The Spec, Simplified is a series by Loren Sands-Ramshaw that explores the GraphQL spec in-depth. In this last installment, Loren shows how GraphQL servers validate and execute requests, and how they format the response data and errors.

Designing a URL-based query syntax for GraphQL

Caching in GraphQL can be difficult. Currently, if we want to use HTTP caching in GraphQL, we must use a GraphQL server that supports persisted queries. That’s because the persisted query will already have the GraphQL query stored in the server. As such, we do not need to provide this information in our request. In this article, Leonardo Losoviz looks at how a URL-based query syntax plays into caching.

The joy of end to end type safety

In building large scale TypeScript applications, we have seen the benefits of types. They elevate our quality, eliminating whole categories of bugs and they enrich the development experience. In this tutorial, Craig Sullivan shows how to accomplish end-to-end type safety using GraphQL.


GraphCDN – The GraphQL CDN with edge caching, analytics and security protection

Tim Suchanek and Max Stoiber officially launched GraphCDN on ProductHunt today. GraphCDN is a GraphQL edge cache that sits in front of your GraphQL API as a gateway and caches your queries in 58 worldwide data centers. You can invalidate specific objects (e.g. <code>purgeUser(id: 5)</code>) and GraphCDN will purge any cached query result that contains that data. On top of that, they also give you powerful analytics about your queries and mutations and protect your GraphQL API with features like DDOS protection and query depth limiting.

The Spec, Simplified: The Type System

Most people who use GraphQL haven’t read the spec, often because it sounds or looks intimidating. In this post, Loren Sands-Ramshaw goes over the essentials of the query language section of the spec, including the schema, types, descriptions, scalars, enums, and more. Follow along with Loren to learn more about the GraphQL spec.

Querying Strategies for GraphQL Clients

As more clients rely on GraphQL to query data, we witness performance and scalability issues emerging. Queries are getting bigger and slower, and net-new roll-outs are challenging. The web & mobile development teams working on Orders & Fulfillments spent some time exploring and documenting our approaches. On mobile, our goal was to consistently achieve a sub one second page load on a reliable network. After two years of scaling up our Order screen in terms of features, it was time to re-think the foundation on which we were operating to achieve our goal. We ran a few experiments in mobile and web clients to develop strategies around those pain points. These strategies are still a very open conversation internally, but we wanted to share what we’ve learned and encourage more developers to play with GraphQL at scale in their web and mobile clients. In this post, I’ll go through some of those strategies based on an example query and build upon it to scale it up.

Using GraphQL with Axios and Redux

In this article, Hetav Desai shows how you can use GraphQL with Axios and Redux, including error handling. A basic understanding of how GraphQL, Axios, and Redux work will be helpful as you follow along with the tutorial. Follow along with Hetav to learn more about how GraphQL, Axios, and Redux can be used together.

GraphQL, the Universal Query Protocol, and the Free TON Blockchain

In short, GraphQL is a protocol that defines an algorithm for searching information in a database. It was born in the depths of good old Facebook as a response to the request of users and developers. The challenge faced by the creators was to optimize the algorithm for processing search queries on the platform.


How to Build a GraphQL API Using Laravel

In this article, Tamerlan Gudabayev walks through how to set up your own GraphQL API using PHP and Laravel. Tamerlan covers migrations and models, seeding a database, defining types, schemas, mutation classes, and more. Follow along to learn more about how to use GraphQL with PHP using Laravel.

How to Build a Task Manager Application Using React, Airtable and GraphQL

Jesus Manuel Olivas recently prototyped a low-code proof-of-concept using React, Airtable, BaseQL, GraphQL and ClerkDev. In this article, Jesus walks through the setup and how to tie all the pieces together. Follow along to learn more about how to use GraphQL in a low-code context.

Polyglot persistence for PostgreSQL & MySQL using GraphQL & TypeScript

Should you use PostgreSQL or MySQL for your next project? Are you moving cloud providers and don't have both options available? Maybe you'd like to start with one option and be able to make the switch later on. Why decide now when you can have both options without any tradeoffs?


What happens if we treat GraphQL Queries as the API definition?

When you ask someone about their API definition in the context of GraphQL, the obvious answer is "the Schema". But what if instead, we use GraphQL Queries as the API definition?

GraphQL: cloud to autonomous yard truck connectivity

More and more GraphQL usage is showing up in applications everywhere as developers recognize the benefits over developing REST and other HTTP-based APIs. However, due to its relatively young age, it lacks a broad range of support across toolkits and libraries. This makes it harder to adapt legacy applications or clients to this new way of communicating. At Outrider, we’re modernizing a critical step in the supply chain and at the same time modernizing communication channels by encouraging the use of our GraphQL API. These integrations enable a live and holistic view into yard operations, in which historically data has been stale and siloed.

The GraphQL Spec, Simplified

The GraphQL Spec, Simplified is a 3-part series starting with the query language, including definitions of the document, operations, selection sets, named and inline fragments, built-in directives, and more. Follow along with Loren Sands-Ramshaw to learn more about the GraphQL spec in an easy-to-understand way.

Making Dgraph a truly GraphQL-native database

From a time of no GraphQL support, to supporting GraphQL natively with as good speed as DQL, Dgraph has improved a lot in the past year. If you compare the v21.03 release with the v20.03 release, you would find that your GraphQL queries are magically ~33% faster. In this article, Abhimanyu Singh Gaur talks about how Dgraph is now a truly GraphQL-native database and why it matters for performance.


GraphQL vs REST—Can GraphQL replace REST?

While REST has been (and still is) a popular way of exposing data to applications, the growing complexity and evolution of development has made it less viable in a range of scenarios. In this post, Abu Sakib talks about how GraphQL can be a suitable replacement for REST and be a game-changer in the API ecosystem. Follow along with Abu to find out more about how GraphQL can replace REST.

That single GraphQL issue that you keep missing

With the increasing popularity of GraphQL, it's important to think about security vulnerabilities. GraphQL implementations are often affected by CSRF. In this article, Tomasz Swiadek and Andrea Brancaleoni go in-depth on how GraphQL is vulnerable to CSRF attacks and what can be done to solve it. Follow along to find out more about the vulnerabilities that might exist in your GraphQL app and how you can protect them.


The most powerful GraphQL Client for the web in just 2kb

Over the last couple of years, we've seen a constant evolution of GraphQL tooling. Developers try to get the maximum out of the constraints they've set for themselves. WunderGraph breaks with these rules to make room for something new. This post describes how the next generation of GraphQL clients change the way we can think about GraphQL as a technology.

GraphQL requests made easy with React Query and TypeScript

Given on a GraphQL schema, we can automatically create TypeScript types for the entire API on the frontend. What’s more is we can easily autogenerate fully-typed custom React hooks for a data-fetching library like React Query. In this article, Iva Kop shows how to set up a GraphQL project with TypeScript and React Query and demonstrates how to autogenerate types.

Stored Procedures, ORMs, and GraphQL

In this article, Steve Smith provides the background and history of ORMs and stored procedures and makes the case that GraphQL is really a new kind of ORM. He goes into detail about thick/smart clients, how APIs serve as stored procedures, and more.

Demystifying GraphQL Queries

In this tutorial, Jaden Baptista provides an overview of what GraphQL is and how it compares to REST. Jaden goes into detail about types, queries, and more to show how GraphQL isn't magic once it's understood. Follow along with Jaden to learn more about GraphQL from the ground up.

5 Headless CMS That You Can You Use To Distribute Content Freely

Lahaul Seth has put together a list of five headless content management systems that can be used for free. GraphQL can be used with many of those listed, including Strapi, Graph CMS, and Sanity. Check out the list for more information on these great free options and choose one for your next project.


Announcing the Neo4j GraphQL Library: Build Low-Code GraphQL APIs Faster

Neo4j has just announced the general availability of the Neo4j GraphQL Library. The library is extensible, low-code, and open source and is designed for building API-driven, intelligent applications faster by tapping into the power of connected data. Read the announcement article to learn more about Neo4j and how to use it in GraphQL with their Neo4j GraphQL Library.

Supercharging file-based content with GraphQL

Tina GraphQL gateway brings reliability to Git-based content management. It acts as an essential piece to provide robust structured content while allowing for portability. In this article, Jeff See demonstrates how to create a blog with Next.js and GraphQL using Tina GraphQL gateway. Follow along to find out more about how you can use your filesystem as a CMS with confidence.

I built a chat app using React and GraphQL

In this tutorial, Abdou Ouahib shows how to build a realtime chat application using React and GraphQL. The front end technologies used include Redux, MaterialUI, and Apollo Client. On the backend, Abdou uses Node, Apollo Server, TypeGraphQL, and PostgreSQL. The app features include user authentication, profiles, friends, notifications, and more.

Graphql Exploitation - Part 2- Unauthorized Execution Of Queries

Like all APIs, those built with GraphQL are not immune to potential exploitation. GraphQL also has some unique features that open up attack vectors that must be considered for any real world app. In this follow-up article, Manmeet shows how unauthorized queries can be executed in GraphQL and how this and other vulnerabilities might be exploited. Follow along with Manmeet to learn more about how you can secure your GraphQL API.


TypeScript with GraphQL done right

Advanced types give your code and open-source libraries the power of providing an API that manipulates data (your application objects) without breaking the “types chain”. In this article, Charly Poly discusses how to get the most out of your React application types with GraphQL code generation and demonstrates how to reason about and make use of advanced types. Follow along with Charly to learn more about TypeScript, React, GraphQL, and how they all fit together.

Dgraph v21.03: Resilient Rocket Release

Dgraph has just announced version 21.03, its first release of 2021. The latest update to Dgraph's native GraphQL graph database includes Apollo federation, upsert mutations, lambda webhooks, and more. Check out the launch announcements to learn more about Dgraph's latest features and how you can use them today.

Nhost is an open source Firebase rival backed by GitHub’s founders

Nhost is an open source backend-as-a-service that serves as an alternative to Firebase and includes a real-time GraphQL API. The company has just announced a $3m round of funding led by Nauta Capital. The company is also backed by angel investors, including GitHub founders Scott Chacon and Tom Preston-Werner. Read more about Nhost's fundraising and how they intend to use it to expedite building out their product.

Connect Amplify DataStore with existing SQL datasources; adding offline and sync features in your application

Amplify DataStore is a library that provides a programming model for leveraging shared and distributed data without writing additional code for offline and online scenarios. With the Amplify CLI, you can easily set up a new application that leverages AWS AppSync and sets up Amazon DynamoDB to power your DataStore application. In this article, Rene Brandel and Brice Pelle show how to use Amplify Datastore, including how to prepare the database, how to configure the backend with the Amplify CLI, and more. Follow along to learn more about AWS Amplify.


Releasing The GraphQL Guide

John Resig and Loren Sands-Ramshaw have just released <em>The GraphQL Guide</em>, a complete reference text for GraphQL. The guide is 886 pages and covers topics such as HTTP, testing, authentication, the GraphQL spec, client libraries, and much more. The authors have provided a 20% launch discount which is valid until April 25. Check out The GraphQL Guide to level up your GraphQL knowledge today.

HTTP caching in GraphQL

GraphQL doesn't come with any built-in support for server-side caching, an issue which often trips up GraphQL server developers. Although not officially supported, there are ways to accomplish HTTP caching with GraphQL. In this article, Leonardo Losoviz goes into detail about how to achieve server-side caching with GraphQL. He talks about accessing GraphQL via GET requests, using persisted queries, and more. Follow along with Leonardo to learn more about how to make your GraphQL servers more performant through caching.

GraphQL Tutorial for Server-Side Swift with Vapor: Getting Started

In this tutorial, Max Desiatov covers how to get started with GraphQL and Server-Side Swift using a concrete API as an example. Max shows how to build a TV show listing API from top to bottom and covers many details of GraphQL along the way, including how GraphQL differs from REST, how to declare model types, fields, queries, and mutations, and more. Follow along with Max to learn more about how to use GraphQL in a Swift app.


Databases, graphs, and GraphQL: The past, present, and future

GraphQL was never conceived as a query language for databases. Yet, it's increasingly being used for this purpose. This article by George Anadiotis explores how and where GraphQL fits in as a query language for databases, the projects and companies that are using it for that purpose, and what the tradeoffs are. Follow along with George to learn more about GraphQL as a query language for databases.

An Advanced GraphQL with Spring Boot and Netflix DGS

In this article, Piotr Minkowski demonstrates how to use the Netflix DGS library to simplify GraphQL development with Spring Boot. He shows advanced topics related to GraphQL and databases such as filtering or relationship fetching. Follow along with Piotr to learn more about how Netflix DGS and Spring Boot can be used together.

Weaviate is an open-source search engine powered by ML, vectors, graphs, and GraphQL

Weaviate is an API-based vector search engine with a graph data model that allows users to add data objects as graph nodes and (automatically or manually) add (machine learning) vectors to represent the nodes. Weaviate can be used for use cases ranging from similarity search to filtering out redundant information (i.e., deduplication) and from image search to enterprise NLP-based search.


How To Condense Your GraphQL Queries With the @materializer Directive

The @materializer directive is a custom directive by StepZen that helps GraphQL API developers reduce the amount of code they need to write. In this article, Lucia Cerchie demonstrates how to use the directive and how developers can benefit from it. Follow along with Lucia to find out more about how you can reduce the amount of code required for your GraphQL servers.

Reducing database queries to a minimum with Data Loaders

A data loader is an abstraction between application code and some backing store, such as a database, allowing batching of requests and caching. In this article by Sixfold, the data loader pattern is explored in more detail in context of Kafka consumers. Read on to learn more about data loaders, Kafka, and how they fit into a GraphQL application.

Forget REST. Here's How to Make a GraphQL API with Laravel

Lighthouse is a GraphQL framework that integrates GraphQL into Laravel applications. In this article, Lloyd Miller demonstrates how to use Lighthouse to expose a GraphQL API from a Laravel app. He covers the installation process, how to create database migrations, how to create a schema, and more. Follow along with Lloyd to learn more about how to use GraphQL in a Laravel app.


Build a Basic GraphQL Server with ASP.NET Core and Entity Framework in 10 Minutes

In this article, Rahul Rai shows how to build a GraphQL server using GraphQL, Autofac, EFCore and the repository pattern. The extensive tutorial goes through the setup process, how to create API models, how to set up a database, and more. Follow along with Rahul to learn more about how to use GraphQL with ASP.NET.

Top 7 GraphQL IDEs you should know about in 2021

The GraphQL ecosystem has grown dramatically since the technology's inception in 2012. IDEs are an important part of the GraphQL toolchain. In this blog post, Vishwa Mehta from Hasura goes through a list of the top 7 IDEs that you should know about in 2021. The list includes popular IDEs like GraphiQL, Insomnia, and Postman, but also includes lesser-known ones. Check out the list of the top 7 GraphQL IDEs to learn more about them and their benefits.

How I’m Developing My Full Stack Web App “With the Guards Up” By Using Apollo and GraphQL

Those familiar with bowling will no doubt have seen how the gutter can be inverted such that the ball is not able to go off track. In this article, Kieron Mckenna brings the analogy of bowling lane guards to app development as he walks through his approach to building full-stack apps "with the guards up". He talks about the problems that we often face when building out an API and a front end to access data from it and shows how we can benefit from tools like Apollo (Client and Server), GraphQL Code Generator, Prisma, and Typescript to make our lives easier.

Building a Realtime GraphQL Chat Application With SMS Notifications

With the emergence of GraphQL came a new way for developers to develop client/server applications. The benefits of developing GraphQL applications are numerous, from explicitly requesting what you need from the server to real-time event-driven communication through subscriptions. This article highlights code-first GraphQL and its superpowers. The article also outlines how to develop a chat application powered by Next.js and Apollo on the frontend, and Prisma, graphql-yoga and SMS notification using the excellent Vonage SMS API on the backend.

The Data Access Layer in Jmix: JPA on Steroids

JPA is a de-facto standard for creating a data model for Java applications. This API does not provide facilities to implement advanced security features or soft deletes so developers have to implement their own solutions. In this article, Andrey Belyaev discusses the data access layer in Jmix and talks about what can be done with this framework and its tools. He then shows how data access works under the hood.