A weekly newsletter of the best news, articles and projects about GraphQL

If you’re looking to secure access to your GraphQL APIs with OAuth2, make sure to read this article by Bruno for a helpful guide on implementing this using Node.js.

Stellate recently announced their open GraphQL API, giving anyone full access to integrate with their platform. In this blog post, they share how they went from an internal GraphQL API used by the dashboard only to having a public version usable by everyone in just two weeks.

In this post, Jens shares a new Architecture pattern for building flexible GraphQL APIs. By treating your GraphQL Schema like a Database, you can build use-case agnostic and flexible GraphQL APIs.

If you are new to GraphQL and are using Node.js, this guide will show you how GraphQL works, how it differs from REST APIs, and how to write your first GraphQL service.

Learn about the different ways you can add authorization and access controls to your GraphQL API, their advantages and disadvantages, and best practices. And learn how Cerbos can help with that.

Monitoring GraphQL APIs for security-related incidents and identifying suspicious queries and exploitation attempts requires different specialized tooling and processes. This article helps identify what you need to look for and how to adapt your toolchain and monitoring solutions.

Karim Rustom shares his GraphQL security experience from the point of view of an attacker/pentester and guides us through the steps required to test your API. This article deals with discovery. Make sure to read the other parts of the series as well.

Maciej Baron shares how to use a Django-based GraphQL API as a custom, tailored CMS for your Gatsby-powered site. He walks us through setting up a GraphQL source within Gatsby, creating pages based on the data, and integrating with the Gatsby image processing pipeline.

Managing PCI compliance is a tricky topic for all companies. It gets even more challenging if you have all your data in a single GraphQL API available to your internal and external tooling. Mike Byrnes from the Priceline team delves into how they solved this using Apollo GraphQL.

Anton Kalik from the CoverWallet team looks at how to merge two GraphQL schemas using Apollo Server and Koa middleware to provide a unified API for your clients.

Is it possible to passively observe traffic from a GraphQL API and piece together a schema? That’s the question that started Alex Leahu’s journey to build GraphQuail and some observations on testing a GraphQL service without knowing the schema.

Lauren Steven takes you from start to finish using Apollo Client within your React Native project, including configuration and how to use React hooks to fetch data.

Stellate, hosts of GraphQL Weekly, are focused on building GraphQL tooling daily, every day. Let us know if you are looking into making your GraphQL API public and would like some help from a team operating APIs with billions of requests per month. We’d love to help!

Marc-André dives into GraphQL Observability, which questions you should ask yourself when assessing your tooling, and provides tips on implementing or improving your setup.

If you’re working with Java and want to add GraphQL to your stack, see Rahul's article, which provides an in-depth overview of the various clients and their advantages and shortcomings.

Victoria looks at the two ways we can build our GraphQL APIs, how they differ, and their respective advantages and disadvantages.

Stellate recently released a new dashboard and, as part of that release, a completely revamped GraphQL Metrics product that provides full observability for your API.

While ZIP Bombs are a thing of the past, their concept is still relevant. Gautier from Escape looks at how those concepts can be applied to GraphQL and, more importantly, how to mitigate those attacks.

The team at Parabol saw their GraphQL API response times starting to increase and looked into how to improve their setup. They decided to scale their backend based on Redis Consumer Groups and write up their experience.

Rate limiting and securing server resources are central problems when developing any API. We want to prevent clients from being able to affect the experience of other clients or simply avoid being taken down. Marc-André Giroux dives into the rate-limiting of GraphQL APIs, how to get started, what else to keep in mind and his recommendations.

In the 2nd article of the series, Bobbie Cochrane and Dan Debrunner explain how Deduplication and Reuse can help to reduce the number of backend requests for a GraphQL operation and improve the performance of your services.

Isha from the Walmart Engineering team outlines Walmarts approach to ensure onboarding the various subgraphs to their federated gateway is a smooth and easy process that doesn't run into collisions and eliminates concerns ahead of time.

Lauring Quast and The Guild extract some of the standout features that make Relay such a powerful GraphQL client and make them available to other clients via a new GraphQL Codegen plugin.

Mohamed looks into performance testing of your GraphQL APIs with Apache JMeter.

Evan introduces a new open source library that helps you implement rate-limiting and query complexity analysis for your Node.js and Express-based GraphQL services.

Marc-André looks into Persisted Queries, their advantages, and the problems they help solve. And why using APQs did not magically transform your GraphQL server into a REST API.

This article will teach you how to create integration tests for a microservice built with Apollo Server Express and MongoDB Mongoose.

Pagination in GraphQL can be a pain to implement, especially if you don't have a good architecture in place. This article will show you how to create a simple interface that will make pagination easier for you.

This tutorial will show you how to set up a Headless CMS using a Strapi backend with PostgreSQL as the database and Cloudinary for image uploads. We'll also look into using Nuxt 3 for our frontend, which has SSR support and is compatible with Vue3.

The Neo4j GraphQL Toolbox is a new user interface that allows you, with minimal effort, to write and execute GraphQL queries and mutations against your Neo4j database, with absolutely no setup required.

Why you’d want to autogenerate your GraphQL API documentation and how you implement it, including which tools to choose.

Performance testing is essential when choosing any new technology, and GraphQL is no different. Roy explores using k6 for performance testing and compares a GraphQL API with its REST-based counterpart.

In this guide, we’ll look at how to build a GraphQL API in Node.js with Apollo Server. By running it on Azure Functions with Cosmos DB for data storage, we can build a highly scalable serverless GraphQL API, removing the need to manage server infrastructure.

In this article, you will see a practical example of building a unified GraphQL API (supergraph) composed of multiple GraphQL APIs (subgraphs). This is achieved with Apollo Router which recently became generally available.

GraphQL is a great way to build strongly typed, self documenting applications. One of the key concepts in GraphQL is that the server provides a single endpoint where it exposes all the data in a graph like structure that the clients can request from. Hence, our application needs to control who (authentication) can see and interact with what parts (authorization) of the data it provides.

Youssef shares some great tips on how to design better GraphQL APIs. Whether you're just getting started or are already a seasoned GraphQL developer, there's something to learn from his article.

GraphQL Hive is a new tool from The Guild that helps developers better understand their APIs. It supports a schema registry, performance monitoring, alerts, and integrations. Works with all kinds of GraphQL APIs and is open source.

If you’re interested in learning more about how large companies solve their engineering challenges, this article from Antoine on Airbnb's journey is a must-read.

There are many different ways to combine GraphQL schemas, and it’s often challenging to design your schema in a way that makes it easy to use for composite schemas later on. Benjie proposes a GraphQL Working Group to look into this issue and start working on a common spec.

If you are running a GraphQL API in production, you’ll need to monitor it. OpenTelemetry is an OSS, vendor-agnostic set of tools that allows you to do just that.

We’ve already featured “Learn GraphQL In One Week” in issue 279, but now that all episodes are out, we wanted to bring it up again. So, if you’re interested in learning GraphQL, give this free course a try and build a full-stack eCommerce application with GraphQL Yoga, Prisma, and Planetscale.

GraphCDN recently released their Wordpress plugin that makes setting up GraphCDN with WPGraphQL a breeze. No need to worry about invalidation, the plugin takes care of all of that for you, and you can enjoy a speed increase on your API.

Apollo released a new version of their Apollo Router, their high-performance federation engine. In this article, Matt covers what changed and how the new engine enables a new architecture that solves the needs of the largest GraphQL users.

A couple of days ago, a Twitter thread claimed that GraphQL was a trap. Marc-André took the time to take a closer look and clear up some misconceptions.

Tim takes a look at the history and, more importantly, the people who helped make GraphQL the powerful technology it is today. Then, it'll take you on a journey from its beginnings at Facebook to Sangria, the GraphQL Foundation, and everybody working on the various projects today.

Look at Patrick's article if you're working on a Python application and thinking about adding GraphQL to your stack. It'll walk you through various options and helps you decide which tooling to use and how to implement and expose your new GraphQL endpoint.

Learn how Farfetch.com adopted GraphQL and how they are using it to help build rich and unique experiences for their users.

If you are working with Elixir and GraphQL, Eric has a great article on how to implement and maintain your GraphQL API, which problems you are likely to run into and how to solve them.

Cypress offers fantastic tooling for building end-to-end tests with Javascript. And the “cy.intercept()” function allows you to intercept network requests. David explores how to use this to mock your GraphQL APIs in testing.