GraphQL Weekly Logo 2
A weekly newsletter of the best news, articles, and
projects about GraphQL, Apollo and more.
mutation {
    # enter your first name
    # enter your email
  ) {

Issue 86

How to wrap a REST API with GraphQL
Wrapping REST APIs is one of the most exciting applications of GraphQL! This tutorial describes how you can turn a REST into a GraphQL API in 3 simple steps.
If you want to learn more about this topic, be sure to also watch Jon Wong's talk from the last GraphQL SF Meetup: Wrapping REST with GraphQL.
Exploring different GraphQL Clients
For the longest time Apollo and Relay have been the most dominant GraphQL clients. Today, there are multiple other projects that emerged over the last couple of months, such as graphql-request or urql. Read this excellent article by Abhi Ayer to get an overview of the current GraphQL client landscape.
Securing Your GraphQL API from Malicious Queries
If not properly secured, it's easy for attackers to overload and potentially take down GraphQL APIs, e.g. by sending deeply nested queries. In this article, Max Stoiber shares the approach they used at Spectrum to protect their GraphQL API from malicious requests.
Tools & Open Source
Matic Zavadlal has created a nice little library to secure GraphQL servers: "GraphQL Shield helps you create permission layer for your application. The idea behind it is to separate the permission logic from your application logic. This way you can you can make sure no request will ever be resolved if it wasn't meant to be."
Another approach to implement permissions in your GraphQL server is by using custom directives right inside your GraphQL schema definition. Check out this example by Dennis Walsh to learn more.
Want more of this?