A weekly newsletter of the best news, articles and projects about GraphQL


OAuth2 authentication for GraphQL in Node.js

If you’re looking to secure access to your GraphQL APIs with OAuth2, make sure to read this article by Bruno for a helpful guide on implementing this using Node.js.

10 Decisions Stellate Made Around Opening Up Their GraphQL API

Stellate recently announced their open GraphQL API, giving anyone full access to integrate with their platform. In this blog post, they share how they went from an internal GraphQL API used by the dashboard only to having a public version usable by everyone in just two weeks.

Build flexible GraphQL APIs by treating the schema like a database

In this post, Jens shares a new Architecture pattern for building flexible GraphQL APIs. By treating your GraphQL Schema like a Database, you can build use-case agnostic and flexible GraphQL APIs.


Getting Started with GraphQL API with Node.js Backend Support

If you are new to GraphQL and are using Node.js, this guide will show you how GraphQL works, how it differs from REST APIs, and how to write your first GraphQL service.

Adding Authorization to a GraphQL Server

Learn about the different ways you can add authorization and access controls to your GraphQL API, their advantages and disadvantages, and best practices. And learn how Cerbos can help with that.

What Makes Defending GraphQL APIs Challenging to Security Engineers

Monitoring GraphQL APIs for security-related incidents and identifying suspicious queries and exploitation attempts requires different specialized tooling and processes. This article helps identify what you need to look for and how to adapt your toolchain and monitoring solutions.


Pentesting GraphQL 101 Part 1 - Discovery

Karim Rustom shares his GraphQL security experience from the point of view of an attacker/pentester and guides us through the steps required to test your API. This article deals with discovery. Make sure to read the other parts of the series as well.

How we send data from Django to Gatsby.js through GraphQL

Maciej Baron shares how to use a Django-based GraphQL API as a custom, tailored CMS for your Gatsby-powered site. He walks us through setting up a GraphQL source within Gatsby, creating pages based on the data, and integrating with the Gatsby image processing pipeline.

How Priceline.com manages PCI compliance with GraphQL

Managing PCI compliance is a tricky topic for all companies. It gets even more challenging if you have all your data in a single GraphQL API available to your internal and external tooling. Mike Byrnes from the Priceline team delves into how they solved this using Apollo GraphQL.


Merge GraphQL Schemas using Apollo Server and Koa

Anton Kalik from the CoverWallet team looks at how to merge two GraphQL schemas using Apollo Server and Koa middleware to provide a unified API for your clients.

GraphQL Security Testing Without a Schema

Is it possible to passively observe traffic from a GraphQL API and piece together a schema? That’s the question that started Alex Leahu’s journey to build GraphQuail and some observations on testing a GraphQL service without knowing the schema.

How to fetch data in React Native using Apollo Client

Lauren Steven takes you from start to finish using Apollo Client within your React Native project, including configuration and how to use React hooks to fetch data.

Stellate Open GraphQL API Pilot Program

Stellate, hosts of GraphQL Weekly, are focused on building GraphQL tooling every day. Let us know if you are looking into making your GraphQL API public and would like some help from a team operating APIs with billions of requests per month. We’d love to help!


GraphQL Observability

Marc-André dives into GraphQL Observability, which questions you should ask yourself when assessing your tooling, and provides tips on implementing or improving your setup.

Overview of GraphQL Frameworks in Java

If you’re working with Java and want to add GraphQL to your stack, see Rahul's article, which provides an in-depth overview of the various clients and their advantages and shortcomings.


GraphQL for Beginners: Schema-first vs Code-first

Victoria looks at the two ways we can build our GraphQL APIs, how they differ, and their respective advantages and disadvantages.

Stellate's GraphQL Metrics: Full Observability for Your GraphQL API

Stellate recently released a new dashboard and, as part of that release, a completely revamped GraphQL Metrics product that provides full observability for your API.

Forging GraphQL Bombs, the 2022 version of Zip Bombs

While ZIP Bombs are a thing of the past, their concept is still relevant. Gautier from Escape looks at how those concepts can be applied to GraphQL and, more importantly, how to mitigate those attacks.

Scaling GraphQL with Redis Consumer Groups

The team at Parabol saw their GraphQL API response times starting to increase and looked into how to improve their setup. They decided to scale their backend based on Redis Consumer Groups and write up their experience.


A Guide to GraphQL Rate Limiting & Security

Rate limiting and securing server resources are central problems when developing any API. We want to prevent clients from being able to affect the experience of other clients or simply avoid being taken down. Marc-André Giroux dives into the rate-limiting of GraphQL APIs, how to get started, what else to keep in mind and his recommendations.

GraphQL Optimization: Deduplication & Reuse

In the 2nd article of the series, Bobbie Cochrane and Dan Debrunner explain how Deduplication and Reuse can help to reduce the number of backend requests for a GraphQL operation and improve the performance of your services.

Schema Governance Approaches for GraphQL

Isha from the Walmart Engineering team outlines Walmart's approach to ensuring that onboarding the various subgraphs to their federated gateway is a smooth and easy process that doesn't run into collisions and eliminates concerns ahead of time.

Unleash the Power of Fragments with GraphQL Codegen

Laurin Quast and The Guild extract some of the standout features that make Relay such a powerful GraphQL client and make them available to other clients via a new GraphQL Codegen plugin.


GraphQL Performance Testing With Apache JMeter

Mohamed looks into performance testing of your GraphQL APIs with Apache JMeter.

GraphQLGate - Rate Limiting with Query Complexity for Node.js

Evan introduces a new open source library that helps you implement rate-limiting and query complexity analysis for your Node.js and Express-based GraphQL services.

No, GraphQL Persisted Queries are not “Reinventing a REST API”

Marc-André looks into Persisted Queries, their advantages, and the problems they help solve, and explains why using APQs does not magically transform your GraphQL server into a REST API.


NX: Integration testing Apollo GraphQL and MongoDB Mongoose with Jest

This article will teach you how to create integration tests for a microservice built with Apollo Server Express and MongoDB Mongoose.

Implement Relay Cursor Connections Specification in NestJS with GraphQL Relay

Pagination in GraphQL can be a pain to implement, especially if you don't have a good architecture in place. This article will show you how to create a simple interface that will make pagination easier for you.

How to Build a Photo Sharing App with Nuxt 3, GraphQL, Cloudinary, Postgres and Strapi

This tutorial will show you how to set up a Headless CMS using a Strapi backend with PostgreSQL as the database and Cloudinary for image uploads. We'll also look into using Nuxt 3 for our frontend, which has SSR support and is compatible with Vue3.


Neo4j and GraphQL in One Toolbox

The Neo4j GraphQL Toolbox is a new user interface that allows you, with minimal effort, to write and execute GraphQL queries and mutations against your Neo4j database, with absolutely no setup required.

How to Autogenerate GraphQL API Documentation

Why you’d want to autogenerate your GraphQL API documentation and how you implement it, including which tools to choose.

Compare REST with GraphQL for Performance Testing Using StepZen and k6

Performance testing is essential when choosing any new technology, and GraphQL is no different. Roy explores using k6 for performance testing and compares a GraphQL API with its REST-based counterpart.


How to build a serverless GraphQL API with Cosmos DB

In this guide, we’ll look at how to build a GraphQL API in Node.js with Apollo Server. By running it on Azure Functions with Cosmos DB for data storage, we can build a highly scalable serverless GraphQL API, removing the need to manage server infrastructure.

Building a unified GraphQL API with Apollo Router

In this article, you will see a practical example of building a unified GraphQL API (supergraph) composed of multiple GraphQL APIs (subgraphs). This is achieved with Apollo Router which recently became generally available.

🦄 Deep dive on authentication, authorization and RBAC for GraphQL Servers

GraphQL is a great way to build strongly typed, self-documenting applications. One of the key concepts in GraphQL is that the server provides a single endpoint where it exposes all the data in a graph-like structure that the clients can request from. Hence, our application needs to control who (authentication) can see and interact with what parts (authorization) of the data it provides.


GraphQL API Schemas: Designing a better one

Youssef shares some great tips on how to design better GraphQL APIs. Whether you're just getting started or are already a seasoned GraphQL developer, there's something to learn from his article.

Announcing GraphQL Hive, the complete GraphQL API manager

GraphQL Hive is a new tool from The Guild that helps developers better understand their APIs. It supports a schema registry, performance monitoring, alerts, and integrations. Works with all kinds of GraphQL APIs and is open source.


Airbnb’s Microservices Architecture Journey To Quality Engineering

If you’re interested in learning more about how large companies solve their engineering challenges, this article from Antoine on Airbnb's journey is a must-read.

GraphQL Composite Schemas Working Group

There are many different ways to combine GraphQL schemas, and it’s often challenging to design your schema in a way that makes it easy to use for composite schemas later on. Benjie proposes a GraphQL Working Group to look into this issue and start working on a common spec.


Monitoring GraphQL APIs with OpenTelemetry

If you are running a GraphQL API in production, you’ll need to monitor it. OpenTelemetry is an OSS, vendor-agnostic set of tools that allows you to do just that.

Learn GraphQL In One Week

We’ve already featured “Learn GraphQL In One Week” in issue 279, but now that all episodes are out, we wanted to bring it up again. So, if you’re interested in learning GraphQL, give this free course a try and build a full-stack eCommerce application with GraphQL Yoga, Prisma, and Planetscale.

Make WPGraphQL 56% faster with the new GraphCDN integration

GraphCDN recently released their WordPress plugin that makes setting up GraphCDN with WPGraphQL a breeze. No need to worry about invalidation, the plugin takes care of all of that for you, and you can enjoy a speed increase on your API.

The supergraph: a new way to think about GraphQL

Apollo released a new version of their Apollo Router, their high-performance federation engine. In this article, Matt covers what changed and how the new engine enables a new architecture that solves the needs of the largest GraphQL users.


GraphQL is a Trap?

A couple of days ago, a Twitter thread claimed that GraphQL was a trap. Marc-André took the time to take a closer look and clear up some misconceptions.

The Heroes of GraphQL

Tim takes a look at the history and, more importantly, the people who helped make GraphQL the powerful technology it is today. He then takes you on a journey from its beginnings at Facebook to Sangria, the GraphQL Foundation, and everybody working on the various projects today.

Adding GraphQL to your Django App

Look at Patrick's article if you're working on a Python application and thinking about adding GraphQL to your stack. It walks you through various options and helps you decide which tooling to use and how to implement and expose your new GraphQL endpoint.


GraphQL Sessions: Powering Farfetch.com

Learn how Farfetch.com adopted GraphQL and how they are using it to help build rich and unique experiences for their users.

Mission Possible: Performant GraphQL APIs made easy in Elixir

If you are working with Elixir and GraphQL, Eric has a great article on how to implement and maintain your GraphQL API, which problems you are likely to run into and how to solve them.

Intercepting GraphQL Requests with Cypress

Cypress offers fantastic tooling for building end-to-end tests with JavaScript, and its “cy.intercept()” function allows you to intercept network requests. David explores how to use this to mock your GraphQL APIs in testing.

Curated by Stellate, and the awesome GraphQL community.