Gateway to GraphQL: Protecting and Managing GraphQL APIs in an Open World

Overview

There are a number of novel challenges inherent in bringing a GraphQL API to production. From authentication & authorisation to analytics and monetisation, there is no standard way to meet these challenges across GraphQL server implementations.

API Gateways are uniquely suited to addressing challenges with GraphQL production deployments. Rather than implementing (and re-implementing) solutions to these challenges at the server level, they can be addressed in a unified way at the gateway level.

This workshop will engage participants, giving them a chance to protect and production harden their GraphQL APIs using an extensible API gateway.

Outcome

By the end of the workshop you will have:

A greater understanding of possible vulnerabilities in production GraphQL deployments, and how an API gateway with GraphQL support can help mitigate these vulnerabilities.

And you’ll have learnt about:

Authentication
Granular Authorization
Input Validation
Caching
Analytics
Request Tracing
Depth- & Complexity-based Weighting
Management of Heterogeneous API Implementations (REST/GraphQL/SOAP)
Information Confidentiality & Compliance
Message Subscriptions

Prerequisites

This is an interactive workshop – participants should be willing to engage in conversations and group work. You’re not required to bring any devices or do coding. We have demos prepared to do some live coding together with the audience.

Participants who have some experience in GraphQL will get the most value from this workshop. Whether it be from implementation, deployment or project management. You will sure to gain useful insight.

Ideally you will have implemented or deployed a GraphQL API service, or are making high level decisions on a project that uses GraphQL. However, anyone who is a quick learner and keen to learn more is welcome to attend.

The workshop is aimed at: