When building a GraphQL endpoint, you’ll probably have to face the question of how to control who can see and interact with the data in your API. This typically involves authentication (determining who you are) and authorization (determining if you have access). In this collection, we’ll cover strategies and best practices for both.
There are a number of useful patterns for GraphQL auth. Depending on how much control you need, this collection presents a variety of auth strategies from generic to fine-grained.
Note: If you’re not yet familiar with GraphQL, take a look at my other post first and come back later — you’ll get more out of it. Update 2018: This post is from early 2016. Check out the best practices we recommend for authentication and authorization. In this post, I want to talk about how you might go about […]
Jonas Helfer · Auth, Backend
At some point (probably pretty early on) when building a GraphQL endpoint, you’ll probably have to face the question of how to control who can see and interact with the data in your API. You may have heard people say things like “GraphQL doesn’t care how authentication or authorization works” which is technically true if […]
Jake Dawkins · Auth, Backend
Apollo Client uses the ultra-flexible Apollo Link, which includes several options for authentication. The official docs describe these options.
The official docs on how to authorize users and control permissions in your GraphQL API.
Authentication and authorization can be the trickiest things to implement for a GraphQL API. From custom schema directives to middleware to tokens, Mandi Wise covers the complexities, nuances, and available options for adding auth to your GraphQL API so you can deploy it with confidence.
JWTs (JSON Web Tokens, pronounced ‘jot’) are becoming a popular way of handling auth. This post aims to demystify what a JWT is, discuss its pros and cons, and cover best practices for implementing JWT on the client side with security in mind. Although we’ve worked through the examples with GraphQL clients, the concepts apply to any frontend client.
GraphQL for Android
Consume your GraphQL API on Android Devices with Apollo Android. Apollo Android is a GraphQL client that generates type-safe Kotlin models from your GraphQL queries. It also handles parsing and caching so you can focus on what matters most to your users and build beautiful mobile apps.
GraphQL Tooling and Code-gen
One of the many benefits of adopting GraphQL is the ever-growing ecosystem of tools and services available to help you build your apps even faster. From code-gen to configuring Apollo Server, this collection has a range of tools, tips, and configuration best practices designed to boost your productivity.
Caching & State Management with Apollo Client
State management is about caching the data you need to provide experiences for your users. Apollo Client is both a GraphQL client and a state management library. In this collection, you’ll learn how to use the latest version of Apollo Client as your single source of truth for state in client-side UI libraries like React.
Production Ready Graphs
Putting your data graph into production doesn’t have to be a guessing game or a scary experience. This collection is composed of written and video resources focused on stability, monitoring, schema management, schema design, and best practices.
It can be challenging to serve an enterprise-scale data graph with a single, monolithic GraphQL server. To keep teams productive, you can use Apollo Federation to divide your graph’s implementation across multiple composable services. Learn about federation principles, tooling, and how to implement federation.
Error Handling with Apollo
At Apollo, we’ve heard from many GraphQL developers who want more guidance on how to do error handling. Learn how to communicate errors to your client in an organized way, and open up new possibilities for tooling.