Securing a GraphQL API with Apollo

A secure API is an important part of web application development, and with GraphQL it is no different. This course will teach you to create secure Apollo APIs and clients, as well as how to protect against complex queries.
Course info
Rating: (13)
Level: Intermediate
Updated: Sep 1, 2020
Duration: 1h 29m
Description

Securing APIs has always been an important part of web application development, and with GraphQL it is no different. Access control is a critical aspect of your API whether you’re developing for internal or third-party use. In this course, Securing a GraphQL API with Apollo, you’ll learn to implement modern security practices for using GraphQL effectively on the server and client, as well as protection against complex queries specific to GraphQL APIs. First, you’ll explore how authentication is handled for Apollo on both the server and client. Next, you’ll discover how GraphQL can give you fine-grained role-based access for your models, even down to the field level. Finally, you’ll learn about complex queries and how to handle and prevent them. When you’re finished with this course, you’ll have the skills and knowledge needed to build modern, secure GraphQL APIs with the Apollo server and client libraries.

About the author

Mat Warger is a senior software consultant based in Kansas City. He enjoys learning new concepts and has leveraged this curiosity in positions ranging from startups to the enterprise over the past decade. He is a meetup organizer and conference speaker specializing in client-side technologies. Find him on Twitter @mwarger.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Mat Warger, and welcome to my course Securing a GraphQL API with Apollo. I'm a senior software consultant at Keyhole Software in Kansas City and have been building full‑stack applications for over a decade. Security is an important part of any modern web application. Have you ever wondered what similarities or differences there are between GraphQL and traditional REST APIs? In this course, we're going to explore how API security practices can be applied to the Apollo GraphQL server in Node.js, and how to use the API securely from a client‑side React app using Apollo Client. We'll leverage an existing application and slowly add features, including user accounts and roles, to provide a great experience for the users of the app in a secure way for the clients of the app to interact with it and the underlying API. Some of the things we'll cover include securing a GraphQL API using header authentication to allow for server and client‑side requests, securing a GraphQL API using cookies to authenticate securely between a browser and our API, we'll implement role‑based security so we can make sure that only certain users are allowed to access certain resources, and we'll protect against complex or malicious queries that could possibly bring down our server. By the end of this course, you'll have a solid foundation for securing your own GraphQL APIs and the concepts necessary to implement it in your own projects. Before beginning the course, you should be familiar with Apollo Server and Apollo Client. We'll be building up security features from scratch, so you won't need a security background to get started. I hope you'll join me on this journey to learn client and server security with GraphQL with the Securing a GraphQL API with Apollo course here at Pluralsight.