
Auth

When building a GraphQL endpoint, you’ll probably have to face the question of how to control who can see and interact with the data in your API. This typically involves authentication (determining who you are) and authorization (determining if you have access). In this collection, we’ll cover strategies and best practices for both.

  • Backend
  • Frontend

There are a number of useful patterns for GraphQL auth. Depending on how much control you need, this collection presents a variety of auth strategies from generic to fine-grained.

Khalil Stemmler
Developer Advocate
Blog post

A guide to authentication in GraphQL

Note: If you’re not yet familiar with GraphQL, take a look at my other post first and come back later — you’ll get more out of it. Update 2018: This post is from early 2016. Check out the best practices we recommend for authentication and authorization. In this post, I want to talk about how you might go about […]

Jonas Helfer · Auth, Backend

Blog post

Authorization in GraphQL

At some point (probably pretty early on) when building a GraphQL endpoint, you’ll probably have to face the question of how to control who can see and interact with the data in your API. You may have heard people say things like “GraphQL doesn’t care how authentication or authorization works” which is technically true if […]

Jake Dawkins · Auth, Backend

Docs

Authentication in Apollo Client

Apollo Client uses the ultra-flexible Apollo Link, which includes several options for authentication. The official docs describe these options.

Docs

Authentication in Apollo Server

The official docs on how to authorize users and control permissions in your GraphQL API.

Talk

How to Auth: Secure a GraphQL API with Confidence

Authentication and authorization can be the trickiest things to implement for a GraphQL API. From custom schema directives to middleware to tokens, Mandi Wise covers the complexities, nuances, and available options for adding auth to your GraphQL API so you can deploy it with confidence.

Mandi Wise

Blog post

The Ultimate Guide to handling JWTs on frontend clients (GraphQL)

JWTs (JSON Web Tokens, pronounced ‘jot’) are becoming a popular way of handling auth. This post aims to demystify what a JWT is, discuss its pros/cons and cover best practices in implementing JWT on the client-side, keeping security in mind. Although we’ve worked on the examples with a GraphQL client, the concepts apply to any frontend client.

Hasura

Related collections

GraphQL for Android

Consume your GraphQL API on Android Devices with Apollo Android. Apollo Android is a GraphQL client that generates type-safe Kotlin models from your GraphQL queries. It also handles parsing and caching so you can focus on what matters most to your users and build beautiful mobile apps.

  • Frontend
  • Mobile

GraphQL Tooling and Code-gen

One of the many benefits of adopting GraphQL is the ever-growing ecosystem of tools and services available to help you build your apps even faster. From code-gen to configuring Apollo Server, this collection has a range of tools, tips, and configuration best practices designed to boost your productivity.

  • Backend
  • Frontend
  • How-to
  • Platform

Caching & State Management with Apollo Client

State management is about caching the data you need to provide experiences for your users. Apollo Client is both a GraphQL client and a state management library. In this collection, you’ll learn how to use the latest version of Apollo Client as your single source of truth for state in client-side UI libraries like React.

  • Frontend

Production Ready Graphs

Putting your data graph into production doesn’t have to be a guessing game or scary experience. This collection is composed of written and video resources focused on stability, monitoring, schema management, schema design, and best practices.

  • Backend
  • How-to
  • Platform

Federation 101

It can be challenging to serve an enterprise-scale data graph with a single, monolithic GraphQL server. To keep teams productive, you can use Apollo Federation to divide your graph’s implementation across multiple composable services. Learn about federation principles, tooling, and how to implement federation.

  • Backend
  • Platform

Error Handling with Apollo

At Apollo, we’ve heard a lot of desire from GraphQL developers for more guidance on how to do error handling. Learn how to communicate errors to your client in an organized way, and open up new possibilities for tooling.

  • Backend
  • Frontend

© 2021 Apollo Graph Inc.
