GraphQL > Security | 1 - Apollo GraphQL Blog

Latest GraphQL Security posts

December 12, 2023

Centrally enforce policy as code for GraphQL APIs

Although many in the industry consider GraphQL a replacement for existing API technologies, it is at its most powerful when used as a central orchestration layer between apps and existing services. This layer, implemented as a federated graph (or supergraph, for short), acts as a self-service API platform that accelerates development velocity for both frontend […]

October 9, 2023

Apollo’s Response to CVE-2023-38545

October 12, 2023 Update Yesterday, the curl project released details regarding CVE-2023-38545. We want to provide an update on Apollo’s impact from this vulnerability. As mentioned in our original post, Apollo Router, Apollo Client, Apollo Server, Apollo Kotlin, Apollo iOS, and Rover do not rely on curl and are not affected by this vulnerability. The […]

October 5, 2023

Enforcing GraphQL security best practices with GraphOS

GraphQL provides a self-service developer experience by enabling client teams to fetch all of the data they need with a single query. When implementing GraphQL at scale, it’s important to balance its flexibility with security measures that prevent bad actors from exploiting its self-serve nature. A supergraph provides a unified but modular approach to GraphQL […]