
Authenticating GraphQL APIs with OAuth 2.0
There are many different ways to handle authentication in GraphQL, but one of the most common is to use OAuth 2.0 - and more specifically JSON Web Tokens (JWT) or Client Credentials.
You know how to secure REST endpoints. But are you worried about securing GraphQL? Is GraphQL less secure than REST? What do developers need to know? Should developers design the API first, secure it second? We hope you walk away with ideas and best practices for the ever-important topic of API security.
GraphQL APIs allow for introspection to view the schema. However, a best practice is to turn off introspection in production. Access Control policies allow for this.
GraphQL makes enterprise data “liquid” from a consumption perspective. But with such liquidity comes the possibility of opening new vulnerabilities. In this article, we explore challenges for data rights, data protection, and data sovereignty and describe mechanisms that can mitigate them.
GraphQL APIs are excellent for frontend developers, providing a simpler interface and more capabilities with a single request. However, this does raise security questions. Here we look at a StepZen feature designed to help address those security concerns.