GraphQLock
Secure your GraphQL application with ease
About GraphQLock
Time is both precious and limited when developing a product, so developers would rather focus on actually building their application than worry about securing it.
GraphQLock abstracts all of this tedious implementation into just three functions and a JSON file.
Authorization and GraphQL
While GraphQL’s ability to consolidate queries and endpoints certainly comes with its advantages, it also presents security issues that developers must keep in mind. One of the biggest of these issues is authorization: the process of verifying what specific data the user has access to. GraphQL’s single endpoint makes it difficult to implement effective authorization that is flexible enough to handle every query the front-end could throw at it. Even if a developer managed to set up perfect authorization, adding new tables to the database or modifying existing authorization rules can prove both time-intensive and bug-prone. This can be unbelievably frustrating for engineers who just want to get back to working on their application’s functionality.