September 2021 Summaries
3 posts from Wundergraph
Filter
Month:
Year:
Post Summaries
Back to Blog
The text discusses the fusion of GraphQL, REST, JSON-Schema and HTTP2. It highlights common misconceptions about GraphQL vs. REST and proposes a solution that combines the best parts of both API styles. The solution is to make GraphQL RESTful by using persisted operations, which allow for caching, stateless communication, and a uniform interface. This approach enables the use of existing infrastructure, such as CDNs and Proxies, and reduces vendor lock-in. The author argues that GraphQL can be used as an API orchestration layer and an ORM to multiple APIs, making it easier to integrate multiple APIs into one API. The solution is built on top of a well-maintained open-source project with contributions from many developers and companies. It is free and open-source, and the author invites readers to try it out.
Sep 29, 2021
9,529 words in the original blog post.
Versionless APIs are a crucial concept in enabling businesses to collaborate through APIs without worrying about backwards compatibility issues. By using JSON-RPC in combination with API snapshots and automatic client migrations, developers can break changes to their GraphQL APIs without breaking clients. This approach allows for faster iteration, improved security, and better support for mobile clients. The WunderGraph library provides a smart solution for rewriting GraphQL requests, but it has limitations regarding version tags and may not be suitable for all use cases. Ultimately, Versionless APIs are an enabler for a whole new ecosystem of API collaboration, enabling companies to move forward with their products while maintaining backwards compatibility.
Sep 13, 2021
4,134 words in the original blog post.
The complete GraphQL Security Guide covers 13 common vulnerabilities that can be exploited by attackers. These include parsing and normalizing GraphQL queries, operation validation errors, denial of service attacks, SQL injections, authentication vulnerabilities, authorization traversal attacks, Relay global object identification vulnerabilities, gateway/proxying vulnerabilities, introspection vulnerabilities, generated APIs vulnerabilities, CSRF vulnerabilities, and excessive error responses. The guide proposes solutions to mitigate these vulnerabilities by introducing an RPC layer in front of the GraphQL API, validating user inputs, protecting edges and nodes from unauthorized access, and using JSON Schema validation for all inputs and response objects. Additionally, companies like Shopify, GitHub, Twitter, Snapchat, and GitLab have learned from their own experiences with GraphQL security issues and paid out significant bounties to hackers who reported vulnerabilities in their APIs.
Sep 01, 2021
6,515 words in the original blog post.