A weekly newsletter of the best news, articles and projects about GraphQL

Dagger, a programmable CI/CD engine that runs your pipelines in containers, announced the release of their internal GraphQL API for everyone as a unified interface for programming the Dagger Engine using any standard GraphQL client.

The Wundergraph team explores the developer experience and tradeoffs of tRPC and GraphQL and how we could get the same benefits with GraphQL APIs.

The Apollo team explains how to create a federated subgraph in Python using the Strawberry GraphQL library.

In this article, the team at Escape will show you how to create a simple GraphQL application, a message board, by combining many recent open-source technologies. This article aims to be a showcase of technologies that work well together rather than a complete tutorial on project setup.

Join Andrew Kallem as he recaps his journey to track down a material bug in a commonly used GraphQL client. Along the way, he'll touch on topics in GraphQL, deploy previews, cache normalization, optimistic UI, memoization, git, and debugging. Even if you're well-versed in all of those, you may find this story interesting because it has some surprising twists.

If you're looking to expand your business and operate an eCommerce app, take a look at Prithwish Nath's article that details all the necessary steps to get up and running with WunderGraph, Next.js, Strapi and Snipcart

Eke Olise guides readers through all the steps necessary to build your backend service on top of Nhost, the open-source alternative to Firebase. With support for GraphQL, of course!

Karim Rustom from the team at Escape shares more insights into pentesting GraphQL APIs and explains how thinking outside of the box will help with that.

Grafbase recently announced its newest funding round and took the opportunity to explain its plans around building the best developer platform to build and deploy serverless GraphQL backends.

This two-part series by Victor Kabata guides you through all the required steps to build a GraphQL service using Go and the GraphQL-Go package. If you're new to GraphQL and are working with Go already, give this a read!

Continuing with insights from the State of GraphQL survey, Hasura released their report summary and insights, which are a fantastic read, whether you are a user of their products and services or not.

If you want to start looking into federation and schema stitching and are using .Net and Hot Chocolate, Diego Pereira has the perfect guide for you. He’ll show you how to get started and guide you through the setup of a GraphQL API Gateway using federation to make multiple backend APIs available via a single GraphQL schema.

Whether to build GraphQL schemas directly using the GraphQL SDL or by using code has been a debate since GraphQL’s inception. We’re in 2022, and things haven’t changed much. Marc-André Giroux looks into both options and explores the advantages and shortcomings of each so that you can make a well-informed decision.

Michał Tyszkiewicz from the GraphQLEditor team looks at the first State of GraphQL survey and some interesting takeaways.

If you haven’t heard of Automatic Persisted Queries (or APQs for short), or have heard about them, but never used them in your projects, this post provides an excellent introduction to get you started.

William Lyon of the Neo4j team recently published a free ebook that teaches you how to use GraphQL with React, Node.js, and Neo4j to build complex, data-intensive applications from start to finish.

Over 3000 developers participated in the first “State of GraphQL” survey, and the results are finally in. If you’re interested in GraphQL (which I assume you are, otherwise, why did you subscribe 🤔), check out the results!

There’s a common problem with GraphQL, the N+1 Query. The power of GraphQL makes it a perfect storm for triggering N+1 Queries in a web framework. The team at Popmenu devised a solution that harnesses ActiveRecord’s association reflection system and a helpful tool supplied by the graphql gem, the lookahead, to solve this issue.

Whether for testing or more independent development, mocking a GraphQL server can be incredibly useful during any phase of your projects. If you’re interested in how to use GraphQL Mesh for this purpose, read up!

GraphQL is a powerful tool for describing your server’s capabilities and allowing clients to quickly discover and access available data. However, sometimes you want to control which data is available in which context, for example, to separate internal use cases of an API from external users. This article discusses several techniques for maintaining different schemas and how the team at Midas solved this.

This article covers how to upload, process, and store files in a MongoDB backend using the BinData format. It uses NestJS as a Javascript framework, GraphQL as API technology, and MongoDB with mongoose as ODM.

Nhost recently released a new npm package that makes it available to query the Stripe API via GraphQL, integrate Stripe into your existing GraphQL API, and allow your developers to query it alongside data stored in your database.

If you’re looking to secure access to your GraphQL APIs with OAuth2, make sure to read this article by Bruno for a helpful guide on implementing this using Node.js.

Stellate recently announced their open GraphQL API, giving anyone full access to integrate with their platform. In this blog post, they share how they went from an internal GraphQL API used by the dashboard only to having a public version usable by everyone in just two weeks.

In this post, Jens shares a new Architecture pattern for building flexible GraphQL APIs. By treating your GraphQL Schema like a Database, you can build use-case agnostic and flexible GraphQL APIs.

If you are new to GraphQL and are using Node.js, this guide will show you how GraphQL works, how it differs from REST APIs, and how to write your first GraphQL service.

Learn about the different ways you can add authorization and access controls to your GraphQL API, their advantages and disadvantages, and best practices. And learn how Cerbos can help with that.

Monitoring GraphQL APIs for security-related incidents and identifying suspicious queries and exploitation attempts requires different specialized tooling and processes. This article helps identify what you need to look for and how to adapt your toolchain and monitoring solutions.

Karim Rustom shares his GraphQL security experience from the point of view of an attacker/pentester and guides us through the steps required to test your API. This article deals with discovery. Make sure to read the other parts of the series as well.

Maciej Baron shares how to use a Django-based GraphQL API as a custom, tailored CMS for your Gatsby-powered site. He walks us through setting up a GraphQL source within Gatsby, creating pages based on the data, and integrating with the Gatsby image processing pipeline.

Managing PCI compliance is a tricky topic for all companies. It gets even more challenging if you have all your data in a single GraphQL API available to your internal and external tooling. Mike Byrnes from the Priceline team delves into how they solved this using Apollo GraphQL.

Anton Kalik from the CoverWallet team looks at how to merge two GraphQL schemas using Apollo Server and Koa middleware to provide a unified API for your clients.

Is it possible to passively observe traffic from a GraphQL API and piece together a schema? That’s the question that started Alex Leahu’s journey to build GraphQuail and some observations on testing a GraphQL service without knowing the schema.

Lauren Steven takes you from start to finish using Apollo Client within your React Native project, including configuration and how to use React hooks to fetch data.

Stellate, hosts of GraphQL Weekly, are focused on building GraphQL tooling daily, every day. Let us know if you are looking into making your GraphQL API public and would like some help from a team operating APIs with billions of requests per month. We’d love to help!

Marc-André dives into GraphQL Observability, which questions you should ask yourself when assessing your tooling, and provides tips on implementing or improving your setup.

If you’re working with Java and want to add GraphQL to your stack, see Rahul's article, which provides an in-depth overview of the various clients and their advantages and shortcomings.

Victoria looks at the two ways we can build our GraphQL APIs, how they differ, and their respective advantages and disadvantages.

Stellate recently released a new dashboard and, as part of that release, a completely revamped GraphQL Metrics product that provides full observability for your API.

While ZIP Bombs are a thing of the past, their concept is still relevant. Gautier from Escape looks at how those concepts can be applied to GraphQL and, more importantly, how to mitigate those attacks.

The team at Parabol saw their GraphQL API response times starting to increase and looked into how to improve their setup. They decided to scale their backend based on Redis Consumer Groups and write up their experience.

Rate limiting and securing server resources are central problems when developing any API. We want to prevent clients from being able to affect the experience of other clients or simply avoid being taken down. Marc-André Giroux dives into the rate-limiting of GraphQL APIs, how to get started, what else to keep in mind and his recommendations.

In the 2nd article of the series, Bobbie Cochrane and Dan Debrunner explain how Deduplication and Reuse can help to reduce the number of backend requests for a GraphQL operation and improve the performance of your services.

Isha from the Walmart Engineering team outlines Walmarts approach to ensure onboarding the various subgraphs to their federated gateway is a smooth and easy process that doesn't run into collisions and eliminates concerns ahead of time.

Lauring Quast and The Guild extract some of the standout features that make Relay such a powerful GraphQL client and make them available to other clients via a new GraphQL Codegen plugin.

Mohamed looks into performance testing of your GraphQL APIs with Apache JMeter.

Evan introduces a new open source library that helps you implement rate-limiting and query complexity analysis for your Node.js and Express-based GraphQL services.

Marc-André looks into Persisted Queries, their advantages, and the problems they help solve. And why using APQs did not magically transform your GraphQL server into a REST API.