Skip to content

re: How to convince your team to use GraphQL? VIEW POST


"Is GraphQL secure?"

Unlike frameworks for RESTful services, I haven't come across a single graphql library or framework that provides input validation and access control support. You have to write and wire all the security controls yourself.

GraphQL will be great, but for the moment it moves security controls backwards on API services significantly.

Here's a decent talk that goes into more depth on some of this:

code of conduct - report abuse