CINXE.COM

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="true"/><link href="/geist/stylesheet.css" rel="stylesheet"/><link href="/geist-mono/stylesheet.css" rel="stylesheet"/><link rel="canonical" href="https://inigo.io/blog"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="manifest" href="/site.webmanifest"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#042866"/><meta name="msapplication-TileColor" content="#da532c"/><meta name="theme-color" content="#ffffff"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"/><link rel="shortlink" href="https://inigo.io/"/><title>Blog | Inigo</title><meta name="description" content="Inigo supports API developers and security architects with better security and operational tools for resilient, secure GraphQL adoption and scale."/><meta property="og:locale" content="en_US"/><meta property="og:type" content="website"/><meta property="og:title" content="Inigo - GraphQL Security"/><meta property="og:description" content="Inigo supports API developers and security architects with better security and operational tools for resilient, secure GraphQL adoption and scale."/><meta property="og:url" content="https://inigo.io/"/><meta property="og:site_name" content="Inigo"/><meta name="twitter:title" content="Blog | Inigo"/><meta name="twitter:description" content="Inigo supports API developers and security architects with better security and operational tools for resilient, secure GraphQL adoption and scale."/><meta name="next-head-count" content="27"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin /><link rel="preload" href="/_next/static/css/8b1585d70dcaca9d.css" as="style"/><link rel="stylesheet" href="/_next/static/css/8b1585d70dcaca9d.css" data-n-g=""/><link rel="preload" href="/_next/static/css/e7be7b782f942680.css" as="style"/><link rel="stylesheet" href="/_next/static/css/e7be7b782f942680.css" data-n-p=""/><link rel="preload" href="/_next/static/css/82e77e3d43188fdd.css" as="style"/><link rel="stylesheet" href="/_next/static/css/82e77e3d43188fdd.css" data-n-p=""/><link rel="preload" href="/_next/static/css/74df91f10f659d7c.css" as="style"/><link rel="stylesheet" href="/_next/static/css/74df91f10f659d7c.css"/><link rel="preload" href="/_next/static/css/768bc07f6c9a9f29.css" as="style"/><link rel="stylesheet" href="/_next/static/css/768bc07f6c9a9f29.css"/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-5cd94c89d3acac5f.js"></script><script defer="" src="/_next/static/chunks/767-b19ff43fb6ca6cf9.js"></script><script defer="" src="/_next/static/chunks/352.2a7f5aa79cbcfcca.js"></script><script defer="" src="/_next/static/chunks/333.6df932fa345befef.js"></script><script src="/_next/static/chunks/webpack-fe7839405d981043.js" defer=""></script><script src="/_next/static/chunks/framework-087e577bf6ac2de7.js" defer=""></script><script src="/_next/static/chunks/main-7d97e9e1bd3f6e9a.js" defer=""></script><script src="/_next/static/chunks/pages/_app-82101de9b8dc67c2.js" defer=""></script><script src="/_next/static/chunks/75fc9c18-6b37f4b68d337d33.js" defer=""></script><script src="/_next/static/chunks/248-65b9b1ed1d18570c.js" defer=""></script><script src="/_next/static/chunks/543-84873d004bcce76f.js" defer=""></script><script src="/_next/static/chunks/840-9397f05eae77152b.js" defer=""></script><script src="/_next/static/chunks/pages/blog-37d627255ff191d7.js" defer=""></script><script src="/_next/static/YOApxyMKoXfbalFz9PQVs/_buildManifest.js" defer=""></script><script src="/_next/static/YOApxyMKoXfbalFz9PQVs/_ssgManifest.js" defer=""></script><script src="/_next/static/YOApxyMKoXfbalFz9PQVs/_middlewareManifest.js" defer=""></script><style data-href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap">@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrFJM.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7V1g.woff) format('woff')}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecnFHGPezSQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFd2JQEl8qw.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Poppins';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style><style data-href="https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@400;500&display=swap">@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPQA.woff) format('woff')}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_7PqPQA.woff) format('woff')}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSV0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSx0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSt0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSd0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSZ0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:400;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0me8iUI0.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSV0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSx0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSt0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSd0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSZ0me8iUI0lkQ.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Roboto Mono';font-style:normal;font-weight:500;font-display:swap;src:url(https://fonts.gstatic.com/s/robotomono/v23/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0me8iUI0.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style><style data-href="https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@600;700&display=swap">@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkw.woff) format('woff')}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkw.woff) format('woff')}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmhdu3cOWxy40.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwkxdu3cOWxy40.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmxdu3cOWxy40.woff2) format('woff2');unicode-range:U+1F00-1FFF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdu3cOWxy40.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:600;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhdu3cOWxy40.woff2) format('woff2');unicode-range:U+0460-052F,U+1C80-1C8A,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2) format('woff2');unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmxdu3cOWxy40.woff2) format('woff2');unicode-range:U+1F00-1FFF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0370-0377,U+037A-037F,U+0384-038A,U+038C,U+038E-03A1,U+03A3-03FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBdu3cOWxy40.woff2) format('woff2');unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdu3cOWxy40.woff2) format('woff2');unicode-range:U+0100-02BA,U+02BD-02C5,U+02C7-02CC,U+02CE-02D7,U+02DD-02FF,U+0304,U+0308,U+0329,U+1D00-1DBF,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:'Source Sans Pro';font-style:normal;font-weight:700;font-display:swap;src:url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2) format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}</style></head><body><div id="__next"><div id="header" class="Header_header__za8ic light"><div class="container Header_headerContainer__DDpCs"><a class="Header_logo__Nk2PP" style="display:flex;align-items:center;mask:url(/img/logo.svg) no-repeat center / contain;-webkit-mask:url(/img/logo.svg) no-repeat center / contain" href="/"><img width="102" height="32" alt="Inigo Logo" style="cursor:pointer;opacity:0" src="/img/logo.svg"/></a><div class="Header_navigation__LMP4c"><div class="Header_popoverMenu__BdAVY"><div class="Header_popoverMenuChildren__ASZvh"></div></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Product<svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Solutions<svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div><div class="Header_item__sNSbg"><a href="/pricing"><h3 class="Header_link__7jyD0">Pricing</h3></a></div><div class="Header_item__sNSbg"><a target="_blank" href="https://docs.inigo.io"><h3 class="Header_link__7jyD0">Docs</h3></a></div><div class="Header_item__sNSbg"><a href="/blog"><h3 class="Header_link__7jyD0 Header_active__ArEjA">Blog</h3></a></div><div class="Header_item__sNSbg"><h3 class="Header_link__7jyD0" style="cursor:auto;user-select:none">Learn<svg style="margin-left:8px" width="12" height="12" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M14.7216 5.63282L8.67216 11.7199C8.30094 12.0934 7.69906 12.0934 7.32784 11.7199L1.27842 5.63282C0.907194 5.25929 0.907194 4.65368 1.27842 4.28015C1.64964 3.90662 2.25151 3.90662 2.62273 4.28015L8 9.69084L13.3773 4.28015C13.7485 3.90662 14.3504 3.90662 14.7216 4.28015C15.0928 4.65368 15.0928 5.25929 14.7216 5.63282Z" fill="currentColor"></path></svg></h3></div></div><div class="Header_actions__HXH_c" style="display:flex;margin-left:auto"><a href="https://landing.inigo.io/demo" target="_blank"><div class="Button_button__vjyUx" data-type="primary" data-size="default">Get a demo</div></a><div style="margin-left:24px"><a href="https://app.inigo.io/" target="_blank"><div class="Button_button__vjyUx" data-type="secondary" data-size="default">Get started for free</div></a></div></div></div></div><div class="Notifications_wrapper__MdtP8"><div class="Notifications_container__s6gON"></div></div><div style="flex:1"><section class="Blog_section__rJEq5" data-section="new"><div class="container Blog_container___FXXS"><div class="Blog_pageTitle__z86zL"><h1>Inigo Blog</h1></div><a class="Blog_post__nxiI8" href="/blog/graphql-schema-checks-with-github-actions"><div class="Blog_content__hr05U"><h2 class="Blog_title__fzP73">GraphQL Schema Checks with GitHub Actions</h2><div class="Blog_info__mxOuz"><span>Nikolai Kaploniuk</span><span class="Blog_divider__ULY6W">·</span><span class="Blog_date__RKpq9">Nov 19, 2024</span></div><div class="Blog_text__PHSp3"><p>With this integration, schema changes and errors are surfaced directly in GitHub pull requests.</p> </div><div class="Blog_footer__wEa0E"><a url="/blog/graphql-schema-checks-with-github-actions" type="link" label="Read more" href="/blog/graphql-schema-checks-with-github-actions"><div class="Button_button__vjyUx" data-type="link" data-size="default">Read more<div class="Button_icon__hyYhb"><div class="Button_line__C1Yfu"></div><svg class="Button_arrow__2gpKm" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M5.04774 11.7793L9 8L5.04774 4.22068C4.90986 4.08658 4.8324 3.9047 4.8324 3.71506C4.8324 3.52541 4.90986 3.34354 5.04774 3.20944C5.18562 3.07534 5.37263 3 5.56762 3C5.76261 3 5.94962 3.07534 6.0875 3.20944L10.4933 7.49438C10.5616 7.56072 10.6159 7.63952 10.6529 7.72629C10.6899 7.81305 10.709 7.90606 10.709 8C10.709 8.09394 10.6899 8.18695 10.6529 8.27371C10.6159 8.36048 10.5616 8.43928 10.4933 8.50562L6.0875 12.7906C6.01923 12.857 5.93818 12.9096 5.84898 12.9456C5.75978 12.9815 5.66417 13 5.56762 13C5.47107 13 5.37546 12.9815 5.28626 12.9456C5.19706 12.9096 5.11601 12.857 5.04774 12.7906C4.97947 12.7242 4.92531 12.6453 4.88836 12.5586C4.85142 12.4718 4.8324 12.3788 4.8324 12.2849C4.8324 12.191 4.85142 12.0981 4.88836 12.0113C4.92531 11.9245 4.97947 11.8457 5.04774 11.7793Z" fill="currentColor"></path></svg></div></div></a></div></div><div class="Blog_cover__22FQK"><img width="100%" src="/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp"/></div></a></div></section><div class="Blog_section__rJEq5 Blog_getStarted__Kzhdd dark undefined" data-section="__get_started"><div class="Blog_container___FXXS container"><div class="Blog_card__N6nuN"><span class="Blog_title__fzP73">Ready <strong>to accelerate</strong> your GraphQL adoption?</span><div class="Blog_actions__v4MsO"><a href="https://app.inigo.io" target="_blank"><div class="Button_button__vjyUx" data-type="primary" data-size="default">Start Inigo for free</div></a><div class="Blog_caption__kylxA">*No credit card needed</div></div></div><div class="Blog_card__N6nuN"><span class="Blog_title__fzP73">Join our <strong>newsletter</strong>.<br/>No spam.</span><div class="Blog_actions__v4MsO"><div class="Subscribe_subscribe__fdAxO"><div class="Subscribe_input__4SSQ5"><div class="Input_container__uVEry Input_disableClear__j5G8v" data-state="default"><div class="Input_field__78goo"><input class="Input_input__T9DSh" type="text" placeholder="Enter your email" value=""/></div></div><div class="Subscribe_tooltip__L8Jii"><svg width="16" height="18" viewBox="0 0 16 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.37141 2.38853C7.6304 1.87049 8.3696 1.87049 8.62859 2.38854L15.9249 16.9828C16.1585 17.4501 15.8187 18 15.2963 18H0.703694C0.181255 18 -0.15854 17.4501 0.0751019 16.9828L7.37141 2.38853Z" fill="#FFC836"></path><path d="M7.71541 6.25414C7.30215 6.25414 6.97809 6.60903 7.01551 7.02064L7.61681 13.6357C7.63482 13.8339 7.801 13.9857 8.00001 13.9857C8.19903 13.9857 8.3652 13.8339 8.38322 13.6357L8.98452 7.02064C9.02193 6.60903 8.69788 6.25414 8.28462 6.25414H7.71541Z" fill="white"></path><path d="M8 16.7971C8.58221 16.7971 9.05418 16.3251 9.05418 15.7428C9.05418 15.1606 8.58221 14.6885 8 14.6885C7.41779 14.6885 6.94582 15.1606 6.94582 15.7428C6.94582 16.3251 7.41779 16.7971 8 16.7971Z" fill="white"></path></svg>Please enter valid email.</div></div><button class="Button_button__vjyUx" data-disabled="false" data-type="primary" data-size="default">Subscribe</button></div></div></div></div></div><section class="Blog_section__rJEq5 Blog_related__KEL4A dark" data-section="posts"><div class="container Blog_container___FXXS"><div class="Posts_posts__TsKSt Posts_alternate__4SC8P"><div class="Posts_blur__wN2Tw"><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div><div class="Posts_item__a2auA"></div></div><a class="Posts_post__DbZ9o" href="/blog/imminent-directive-future-proofing-graphql-api-changes"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Proposal_-_imminent_Directive_Future-Proofing_GraphQL_API_Changes.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 12, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Nikolai Kaploniuk</div></div><h3>Proposal the @imminent Directive: Future-Proofing GraphQL API Changes</h3><div class="Posts_footer__z7JYC"><a href="/blog/imminent-directive-future-proofing-graphql-api-changes"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/4-ways-to-perform-graphql-schema-checks-with-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/4_Ways_to_Perform_GraphQL_Schema_Checks_with_Inigo.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 11, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>4 Ways to Perform GraphQL Schema Checks with Inigo</h3><div class="Posts_footer__z7JYC"><a href="/blog/4-ways-to-perform-graphql-schema-checks-with-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo-gateway"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog_-_Inigo_Gateway.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 23, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Announcing Inigo Gateway: The Next Evolution in GraphQL Management</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo-gateway"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/what-is-graphql"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog___What_is_GraphQL_.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Aug 01, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>What is GraphQL? A Comprehensive Overview of GraphQL</h3><div class="Posts_footer__z7JYC"><a href="/blog/what-is-graphql"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo-gartner-API-hype-cycle-2024"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog___Inigo_Recognized_in_Gartner's_Hype_Cycle_for_APIs,_2028.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jul 15, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Inigo Recognized in Gartner's Hype Cycle for APIs, 2024</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo-gartner-API-hype-cycle-2024"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/deliver-software-faster"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog___Deliver_Software_Faster_with_GraphQL_and_Inigo.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jul 10, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Deliver Software Faster with GraphQL and Inigo: Whitepaper Preview</h3><div class="Posts_footer__z7JYC"><a href="/blog/deliver-software-faster"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/google-cloud-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Inigo_Google_Cloud.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jun 01, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Google Cloud and Inigo: Innovate with GraphQL</h3><div class="Posts_footer__z7JYC"><a href="/blog/google-cloud-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/kong-plugin"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/kong-header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 22, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Introducing the Inigo Kong Plugin: Elevate Your Kong Gateway’s GraphQL API Management</h3><div class="Posts_footer__z7JYC"><a href="/blog/kong-plugin"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/code-first-graphql"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Post___Safer_Code-First_GraphQL_Development_with_Inigo’s_Schema_Checks_and_Linting.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 14, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Safer Code-First GraphQL Development with Inigo’s Schema Checks and Linting</h3><div class="Posts_footer__z7JYC"><a href="/blog/code-first-graphql"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/llm-ai-graphql-analytics-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Chat_bubble_for_AI_assistant_to_LLM_blog_post.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 01, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>LLM-Powered GraphQL Observability</h3><div class="Posts_footer__z7JYC"><a href="/blog/llm-ai-graphql-analytics-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/apigee-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/apigee-header.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Apr 23, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Inigo Meets Apigee: Elevate Your GraphQL APIs in Google Cloud</h3><div class="Posts_footer__z7JYC"><a href="/blog/apigee-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/break-free-apollo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/blog_break_free_from_apollo_how_inigo_beats_graphos_on_value_and_features_2x.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 25, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Break Free from Apollo: How Inigo Beats GraphOS on Value and Features</h3><div class="Posts_footer__z7JYC"><a href="/blog/break-free-apollo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/5-graphql-features-customers-love"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/blog_5_inigo_features_our_customers_love.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 18, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>The 5 Most Valuable GraphQL Features According to Our Users</h3><div class="Posts_footer__z7JYC"><a href="/blog/5-graphql-features-customers-love"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/are-you-still-using-datadog-for-graphql-analytics"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/blog_are_you_still_using_a_siem_for_graphql_analytics_.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 12, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Still Using Datadog For GraphQL Analytics?</h3><div class="Posts_footer__z7JYC"><a href="/blog/are-you-still-using-datadog-for-graphql-analytics"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/linting-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/linting.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 05, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>GraphQL Schema Linting: Ensuring Consistency Across Subgraphs</h3><div class="Posts_footer__z7JYC"><a href="/blog/linting-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/okta-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog_-_Inigo’s_Okta_Integration_for_Enterprise_SSO.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Feb 14, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Inigo’s Okta Integration for Enterprise SSO</h3><div class="Posts_footer__z7JYC"><a href="/blog/okta-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/yoga-inigo"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/yoga-header.png"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Feb 13, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Inigo Plugin for GraphQL Yoga</h3><div class="Posts_footer__z7JYC"><a href="/blog/yoga-inigo"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/kickstart-graphql-2024"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Kickstart_Your_GraphQL_Projects_in_2024_with_Inigo.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 24, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Kickstart Your GraphQL Projects in 2024 with Inigo</h3><div class="Posts_footer__z7JYC"><a href="/blog/kickstart-graphql-2024"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo-explorer-public"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Our-New-GraphQL-Playground-for-Everyone_-Public-Explorerc.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 10, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Our New GraphQL Playground for Everyone: Public Explorer</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo-explorer-public"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/advanced-alerts-graphql"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/advanced-alerts-header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 08, 2024</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Advanced Alerts for Your GraphQL API with Inigo</h3><div class="Posts_footer__z7JYC"><a href="/blog/advanced-alerts-graphql"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/streamline-everyday-tasks-developer"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/graphql_everyday_tasks.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 12, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Streamline 8 Everyday Tasks of a GraphQL Developer with Inigo</h3><div class="Posts_footer__z7JYC"><a href="/blog/streamline-everyday-tasks-developer"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-playground-tour"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/new_collaborative_and_productive_graphql_playground.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Dec 05, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>New GraphQL Playground Tour — Tracing Included</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-playground-tour"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql-collaborative-journey"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/embracing_graphql_a_collaborative_journey.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 28, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Embracing GraphQL - A Collaborative Journey</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql-collaborative-journey"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/top_10_benefits_of_inigo_over_apollo_graphos"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/top_10_benefits_inigo_over_graphos.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 08, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Top 10 Benefits of Inigo’s Replacement for GraphOS</h3><div class="Posts_footer__z7JYC"><a href="/blog/top_10_benefits_of_inigo_over_apollo_graphos"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphqlsummit_2023_recap"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/graphql-summit-recap.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Oct 18, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>GraphQL Summit Recap: Exploring Diverse GraphQL Solutions</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphqlsummit_2023_recap"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphqlconf_2023_recap"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/graphqlconf_2023_recap.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 26, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQLConf 2023 Recap: A Celebration of Knowledge and Community</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphqlconf_2023_recap"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/introducing_inigo_starter_edition"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Introducing_the_inigo_starter_edition_unleash_graphql_superpowers__for_free_.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 18, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Introducing the Inigo Starter Edition: Unleash GraphQL Superpowers for Free!</h3><div class="Posts_footer__z7JYC"><a href="/blog/introducing_inigo_starter_edition"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/hasura_inigo_dos_attack"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/hasura_inigo.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Aug 31, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Hasura + Inigo: How to Prevent a Denial of Service Attack</h3><div class="Posts_footer__z7JYC"><a href="/blog/hasura_inigo_dos_attack"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/control_your_graphql_destiny"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/control_your_graphql_destiny_with_inigo_(1).webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Aug 22, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>Control Your GraphQL Destiny with Inigo (Don’t Get Vendor Locked)</h3><div class="Posts_footer__z7JYC"><a href="/blog/control_your_graphql_destiny"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/use_inigo_with_apollo_gateway"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/inigo_with_apollo_gateway.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jul 11, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Eric Murphy</div></div><h3>How to Use Inigo with Apollo Gateway and Better Understand Your Subgraphs</h3><div class="Posts_footer__z7JYC"><a href="/blog/use_inigo_with_apollo_gateway"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/subgraph_visibility_in_graphql"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Subgraph_Visibility_in_GraphQL_Header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jun 20, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Subgraph Visibility in GraphQL</h3><div class="Posts_footer__z7JYC"><a href="/blog/subgraph_visibility_in_graphql"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo_earns_new_analyst_recognition_for_platform_innovation"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/blog_intellyx_platform_innovation.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 31, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Inigo Earns New Analyst Recognition for Platform Innovation</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo_earns_new_analyst_recognition_for_platform_innovation"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo_integration_with_aws_appsync"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/1_inigo_aws_appsync_header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 30, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>NEW: Inigo's integration with AWS AppSync</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo_integration_with_aws_appsync"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql_in_development"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/graphql_in_development.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Apr 24, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQL in development</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql_in_development"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/expedite_graphql_roadmap"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Expedite_Your_GraphQL_Roadmap.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Apr 04, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Expedite your GraphQL roadmap by making it enterprise-ready from day one</h3><div class="Posts_footer__z7JYC"><a href="/blog/expedite_graphql_roadmap"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/materialized_views_and_clickhouse"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Harnessing_Materialized_Views_and_ClickHouse_for_High-Performance_Analytics.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 29, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Ruslan Shcherbin</div></div><h3>Harnessing Materialized Views and ClickHouse for High-Performance Analytics</h3><div class="Posts_footer__z7JYC"><a href="/blog/materialized_views_and_clickhouse"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/unmanaged_graphql_apis_platform_secops"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Are_Your_Developers_Using_GraphQL_Without_Your_Knowledge.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Mar 14, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Are Your Developers Using GraphQL Without Your Knowledge?</h3><div class="Posts_footer__z7JYC"><a href="/blog/unmanaged_graphql_apis_platform_secops"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql_error_handling"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/API_Gateway_are_blind_to_GraphQL.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Feb 28, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQL Error Handling</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql_error_handling"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql_injection_attacks"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Graphql_Injection.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Feb 03, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQL Injection Attacks</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql_injection_attacks"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql_in_enterprise"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Post_8_Illustration_1.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 24, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQL in Enterprise - Are you Ready?</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql_in_enterprise"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/graphql_2023_predictions"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Post_8_Illustration.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 17, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>GraphQL 2023 Predictions</h3><div class="Posts_footer__z7JYC"><a href="/blog/graphql_2023_predictions"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo_soc_2_type_ii"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Blog_5_Illustration.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Jan 11, 2023</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Your security peace-of-mind: We’re SOC 2 Type II Compliant</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo_soc_2_type_ii"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/2022_devops_dozen_finalists"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Best_New_Dev_Ops_Tool_400x400.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Nov 17, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Inigo named one of the Best New DevOps Tools by the Techstrong Group</h3><div class="Posts_footer__z7JYC"><a href="/blog/2022_devops_dozen_finalists"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/operation_name_security_in_graphql"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Operation_Name_Security.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Oct 11, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>Operation name security in GraphQL</h3><div class="Posts_footer__z7JYC"><a href="/blog/operation_name_security_in_graphql"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/defeating_controls_with_array-based_query_batching"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Array_based_Query_Batching.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Oct 05, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>Defeating controls with Array-based Query Batching</h3><div class="Posts_footer__z7JYC"><a href="/blog/defeating_controls_with_array-based_query_batching"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/defeating_controls_with_alias-based_query_batching"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Alias_based_Query_Batching.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 27, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>Defeating controls with Alias-based Query Batching</h3><div class="Posts_footer__z7JYC"><a href="/blog/defeating_controls_with_alias-based_query_batching"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/analysis_of_public_graphql_vulnerability_reports"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Public_Graph_QL_Vulnerability_Header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 20, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>Analysis of public GraphQL vulnerability reports</h3><div class="Posts_footer__z7JYC"><a href="/blog/analysis_of_public_graphql_vulnerability_reports"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/what_makes_defending_graphql_apis_is_challenging_to_security_engineers"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 12, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>What makes defending GraphQL APIs challenging to security engineers</h3><div class="Posts_footer__z7JYC"><a href="/blog/what_makes_defending_graphql_apis_is_challenging_to_security_engineers"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/how_threat_actors_fingerprint_your_graphql_apis"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Sep 06, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>How threat actors fingerprint your GraphQL APIs</h3><div class="Posts_footer__z7JYC"><a href="/blog/how_threat_actors_fingerprint_your_graphql_apis"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/how_threat_actors_detect_your_graphql_apis"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Aug 29, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin & Inigo team</div></div><h3>How threat actors detect your GraphQL APIs</h3><div class="Posts_footer__z7JYC"><a href="/blog/how_threat_actors_detect_your_graphql_apis"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/inigo-is-a-proud-new-member-of-the-graphql-foundation"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/inigo_joins_graphql_foundation.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">Aug 19, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>Inigo is a proud new member of the GraphQL Foundation</h3><div class="Posts_footer__z7JYC"><a href="/blog/inigo-is-a-proud-new-member-of-the-graphql-foundation"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/all-the-knobs-graphql-security-guardrails"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/All_the_knobs_Graph_QL_Guardrails_Cover.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 27, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>All The Knobs - Security guardrails for GraphQL attack surfaces</h3><div class="Posts_footer__z7JYC"><a href="/blog/all-the-knobs-graphql-security-guardrails"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/you-dont-need-to-disable-introspection"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/Granular_Introspection_Access_Control.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 20, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>No, you don’t need to disable Introspection</h3><div class="Posts_footer__z7JYC"><a href="/blog/you-dont-need-to-disable-introspection"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a><a class="Posts_post__DbZ9o" href="/blog/how-secure-is-your-graph-ql-server"><div class="Posts_image__LAEnm"><img width="100%" src="/img/strapi/post_1_1.webp"/></div><div class="Posts_info__Y5_2Z"><div class="Posts_date__Gi6aB">May 13, 2022</div><div class="Posts_divider__Dy9Z5">·</div><div>Shahar Binyamin</div></div><h3>How secure is your GraphQL server?</h3><div class="Posts_footer__z7JYC"><a href="/blog/how-secure-is-your-graph-ql-server"><button class="Posts_button__92s1G"><span>Read more</span><svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M10 0.25C8.07164 0.25 6.18657 0.821828 4.58319 1.89317C2.97982 2.96451 1.73013 4.48726 0.992179 6.26884C0.254225 8.05042 0.061142 10.0108 0.437348 11.9021C0.813554 13.7934 1.74215 15.5307 3.10571 16.8943C4.46928 18.2579 6.20656 19.1865 8.09787 19.5627C9.98919 19.9389 11.9496 19.7458 13.7312 19.0078C15.5127 18.2699 17.0355 17.0202 18.1068 15.4168C19.1782 13.8134 19.75 11.9284 19.75 10C19.745 7.41566 18.7162 4.93859 16.8888 3.11118C15.0614 1.28378 12.5843 0.254956 10 0.25ZM10 18.25C8.36831 18.25 6.77326 17.7661 5.41655 16.8596C4.05984 15.9531 3.00242 14.6646 2.378 13.1571C1.75358 11.6496 1.5902 9.99085 1.90853 8.3905C2.22685 6.79016 3.01259 5.32015 4.16637 4.16637C5.32016 3.01259 6.79017 2.22685 8.39051 1.90852C9.99085 1.59019 11.6497 1.75357 13.1571 2.37799C14.6646 3.00242 15.9531 4.05984 16.8596 5.41655C17.7661 6.77325 18.25 8.3683 18.25 10C18.2475 12.1873 17.3775 14.2843 15.8309 15.8309C14.2843 17.3775 12.1873 18.2475 10 18.25ZM14.2844 9.46563C14.4252 9.60782 14.5042 9.79986 14.5042 10C14.5042 10.2001 14.4252 10.3922 14.2844 10.5344L11.0969 13.7125C11.0288 13.7825 10.9471 13.8378 10.8568 13.8748C10.7665 13.9119 10.6695 13.9301 10.5719 13.9281C10.4728 13.9303 10.3744 13.9122 10.2826 13.8752C10.1907 13.8381 10.1073 13.7828 10.0375 13.7125C9.89724 13.5719 9.81848 13.3814 9.81848 13.1828C9.81848 12.9842 9.89724 12.7937 10.0375 12.6531L11.9406 10.75H6.25C6.05109 10.75 5.86033 10.671 5.71967 10.5303C5.57902 10.3897 5.5 10.1989 5.5 10C5.5 9.80109 5.57902 9.61032 5.71967 9.46967C5.86033 9.32902 6.05109 9.25 6.25 9.25H11.9406L10.0375 7.34687C9.90823 7.20421 9.83878 7.01729 9.84352 6.82483C9.84826 6.63236 9.92683 6.44909 10.063 6.31296C10.1991 6.17682 10.3824 6.09825 10.5748 6.09351C10.7673 6.08877 10.9542 6.15823 11.0969 6.2875L14.2844 9.46563Z" fill="currentColor"></path></svg></button></a></div></a></div></div></section></div><div class="Footer_footer__AaBZs dark"><div class="container"><div class="Footer_main__Pz_IY"><div class="Footer_left__g5Jwd"><a href="/"><img class="Footer_logo__RdbIO" width="127" height="36" alt="Inigo Logo" src="/img/logo_alternate.svg" loading="lazy"/></a></div><div class="Footer_navigation__97Tfv"><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Product</h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/observability">In-Depth Observability </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="/managed_schema">Schema Registry </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="security">Multi-Layer Security </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="explorer">GraphQL Explorer </a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Solutions </h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="gateway">Inigo's GraphQL Router </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byog">Inigo’s Apollo Plugin </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="byos">Inigo’s GraphQL Middleware </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="api-gateway">API Gateway Integration </a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Learn</h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="blog">Blog </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io">Docs <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://docs.inigo.io/tutorials/tutorials_part_1">Tutorials <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="apollo-vs-inigo">Inigo vs. GraphOS </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="media">Media & Webinars </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="press">Press </a></div></div></div><div class="Footer_column__xd9lQ"><h3 class="Footer_title__VCjok">Company</h3><div class="Footer_list__SiePl"><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="about">About us </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="legal">Legal </a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://reddit.com/user/InigoGraphQL">Reddit <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://www.linkedin.com/company/inigo">LinkedIn <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://github.com/inigolabs">GitHub <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div><div class="Footer_item__jLVly"><a class="Footer_link__hmjXZ" href="https://landing.inigo.io/demo">Contact us <svg class="Footer_arrow__h75BT" width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4.79164 4.49424C4.79167 4.30647 4.86627 4.1264 4.99904 3.99364C5.13181 3.86087 5.31188 3.78626 5.49964 3.78624L11.5081 3.78624C11.6959 3.78626 11.876 3.86087 12.0087 3.99364C12.1415 4.12641 12.2161 4.30647 12.2161 4.49423L12.2161 10.5027C12.2129 10.6884 12.1369 10.8653 12.0045 10.9955C11.872 11.1256 11.6938 11.1985 11.5081 11.1985C11.3225 11.1985 11.1442 11.1256 11.0118 10.9955C10.8794 10.8653 10.8034 10.6884 10.8001 10.5027L10.8001 6.20365L4.99893 12.0048C4.86614 12.1376 4.68603 12.2122 4.49823 12.2122C4.31042 12.2122 4.13031 12.1376 3.99752 12.0048C3.86472 11.872 3.79012 11.6919 3.79012 11.5041C3.79012 11.3163 3.86472 11.1362 3.99752 11.0034L9.79871 5.20224H5.49964C5.31188 5.20221 5.13181 5.12761 4.99904 4.99484C4.86627 4.86207 4.79167 4.682 4.79164 4.49424Z" fill="currentColor"></path></svg></a></div></div></div></div></div><div class="Footer_copyright__E_szu"><span>Copyright © 2024 Inigo Labs, Inc. |  All Rights Reserved. | <a href="https://status.inigo.io" target="_blank">Systems Status</a></span></div></div></div><script async="" src="https://embed.savvycal.com/v1/embed.js"></script><script> window.SavvyCal=window.SavvyCal||function(){(SavvyCal.q=SavvyCal.q||[]).push(arguments)}; </script><script> SavvyCal('init'); </script></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"pages":[{"pid":"kubecon-na-2022","title":"kubecon-na-2022"},{"pid":"press","title":"press"},{"pid":"about","title":"about"},{"pid":"home","title":"home"},{"pid":"__security","title":"__security"},{"pid":"query_protection","title":"query_protection"},{"pid":"access_control","title":"access_control"},{"pid":"rate_limiting","title":"rate_limiting"},{"pid":"managed_federation","title":"managed_federation"},{"pid":"careers","title":"careers"},{"pid":"observability","title":"observability"},{"pid":"managed_schema","title":"managed_schema"},{"pid":"security","title":"security"},{"pid":"explorer","title":"explorer"},{"pid":"solutions","title":"solutions"},{"pid":"byog","title":"byog"},{"pid":"api-gateway","title":"api-gateway"},{"pid":"byos","title":"byos"},{"pid":"gateway","title":"gateway"}],"headerNavigation":[{"id":14,"Title":"Product","ref":null,"children":[{"id":65,"title":"In-Depth Observability","ref":"observability","description":"Analytics, Errors and Alerting","color":"#8F8CE1","icon":{"data":{"id":471,"attributes":{"name":"icon_monitoring.svg","alternativeText":"icon_monitoring.svg","caption":"icon_monitoring.svg","width":48,"height":48,"hash":"icon_monitoring_4d769619ee","ext":".svg","mime":"image/svg+xml","size":0.56,"url":"/img/strapi/icon_monitoring.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T15:44:24.623Z","updatedAt":"2023-12-26T15:44:24.623Z"}}},"children":[]},{"id":68,"title":"Schema Registry","ref":"managed_schema","description":"Composition, Schema Checks, Registry and Linting","color":"#AC44EF","icon":{"data":{"id":480,"attributes":{"name":"icon_schema.svg","alternativeText":"icon_schema.svg","caption":"icon_schema.svg","width":48,"height":48,"hash":"icon_schema_dd41bc4feb","ext":".svg","mime":"image/svg+xml","size":2.12,"url":"/img/strapi/icon_schema.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:40:51.519Z","updatedAt":"2023-12-26T16:40:51.519Z"}}},"children":[]},{"id":67,"title":"Multi-Layer Security","ref":"security","description":"Rate Limiting and Query Protection","color":"#84ACF3","icon":{"data":{"id":486,"attributes":{"name":"icon_security.svg","alternativeText":"icon_security.svg","caption":"icon_security.svg","width":48,"height":48,"hash":"icon_security_a3240ef9ab","ext":".svg","mime":"image/svg+xml","size":1.8,"url":"/img/strapi/icon_security.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T16:53:58.372Z","updatedAt":"2023-12-26T16:53:58.372Z"}}},"children":[]},{"id":66,"title":"GraphQL Explorer","ref":"explorer","description":"Collaborative Query Builder","color":"#D4B053","icon":{"data":{"id":491,"attributes":{"name":"icon_playground.svg","alternativeText":"icon_playground.svg","caption":"icon_playground.svg","width":48,"height":48,"hash":"icon_playground_b055fdcfa3","ext":".svg","mime":"image/svg+xml","size":1.05,"url":"/img/strapi/icon_playground.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-26T17:03:25.614Z","updatedAt":"2023-12-26T17:03:25.614Z"}}},"children":[]}]},{"id":17,"Title":"Solutions","ref":null,"children":[{"id":92,"title":"Use cases","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":15,"title":"Inigo's GraphQL Router","ref":"gateway","icon":{"data":{"id":644,"attributes":{"name":"nav_inigo.svg","alternativeText":"nav_inigo.svg","caption":"nav_inigo.svg","width":16,"height":16,"hash":"nav_inigo_74f7ea23d1","ext":".svg","mime":"image/svg+xml","size":5.26,"url":"/img/strapi/nav_inigo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:36:05.083Z","updatedAt":"2024-08-23T14:36:05.083Z"}}}},{"id":12,"title":"Inigo’s Apollo Plugin","ref":"byog","icon":{"data":{"id":641,"attributes":{"name":"nav_byog.svg","alternativeText":"nav_byog.svg","caption":"nav_byog.svg","width":16,"height":16,"hash":"nav_byog_c44e9018e9","ext":".svg","mime":"image/svg+xml","size":6.93,"url":"/img/strapi/nav_byog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:37.325Z","updatedAt":"2024-08-23T14:35:37.325Z"}}}},{"id":11,"title":"Inigo’s GraphQL Middleware","ref":"byos","icon":{"data":{"id":642,"attributes":{"name":"nav_byos.svg","alternativeText":"nav_byos.svg","caption":"nav_byos.svg","width":16,"height":16,"hash":"nav_byos_f05073cea1","ext":".svg","mime":"image/svg+xml","size":0.85,"url":"/img/strapi/nav_byos.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:47.192Z","updatedAt":"2024-08-23T14:35:47.192Z"}}}},{"id":13,"title":"API Gateway Integration","ref":"api-gateway","icon":{"data":{"id":643,"attributes":{"name":"nav_api.svg","alternativeText":"nav_api.svg","caption":"nav_api.svg","width":16,"height":16,"hash":"nav_api_e27c691a68","ext":".svg","mime":"image/svg+xml","size":1.41,"url":"/img/strapi/nav_api.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:35:57.287Z","updatedAt":"2024-08-23T14:35:57.287Z"}}}}]},{"id":93,"title":"Integrations","ref":null,"description":null,"color":null,"icon":{"data":null},"children":[{"id":21,"title":"Apollo Server","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_plugin","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":22,"title":"Apollo Gateway","ref":"https://docs.inigo.io/product/agent_installation/javascript_apollo_gateway","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":20,"title":"Apollo Router","ref":"https://docs.inigo.io/product/agent_installation/rust_apollo_router","icon":{"data":{"id":623,"attributes":{"name":"Apollo.svg","alternativeText":"Apollo.svg","caption":"Apollo.svg","width":16,"height":16,"hash":"Apollo_575ff22caf","ext":".svg","mime":"image/svg+xml","size":1.7,"url":"/img/strapi/Apollo.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:03.978Z","updatedAt":"2024-08-02T14:35:03.978Z"}}}},{"id":23,"title":"Guild Yoga","ref":"https://docs.inigo.io/product/agent_installation/yoga","icon":{"data":{"id":624,"attributes":{"name":"logo yoga.svg","alternativeText":"logo yoga.svg","caption":"logo yoga.svg","width":16,"height":16,"hash":"logo_yoga_44d58eb36e","ext":".svg","mime":"image/svg+xml","size":6.55,"url":"/img/strapi/logo_yoga.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:21.568Z","updatedAt":"2024-08-02T14:35:21.568Z"}}}},{"id":24,"title":"Python Django","ref":"https://docs.inigo.io/product/agent_installation/python_django","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":25,"title":"Python Flask","ref":"https://docs.inigo.io/product/agent_installation/python_flask","icon":{"data":{"id":625,"attributes":{"name":"Phyton.svg","alternativeText":"Phyton.svg","caption":"Phyton.svg","width":16,"height":16,"hash":"Phyton_55ad6cdfd5","ext":".svg","mime":"image/svg+xml","size":1.61,"url":"/img/strapi/Phyton.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:35:28.237Z","updatedAt":"2024-08-02T14:35:28.237Z"}}}},{"id":26,"title":"Ruby on Rails","ref":"https://docs.inigo.io/product/agent_installation/ruby_on_rails","icon":{"data":{"id":626,"attributes":{"name":"Rails.svg","alternativeText":"Rails.svg","caption":"Rails.svg","width":16,"height":16,"hash":"Rails_0ad6e72312","ext":".svg","mime":"image/svg+xml","size":3.05,"url":"/img/strapi/Rails.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:05.667Z","updatedAt":"2024-08-20T16:19:19.312Z"}}}},{"id":27,"title":"Kubernetes Sidecar","ref":"https://docs.inigo.io/product/agent_installation/kubernetes","icon":{"data":{"id":627,"attributes":{"name":"Kubernetes.svg","alternativeText":"Kubernetes.svg","caption":"Kubernetes.svg","width":16,"height":16,"hash":"Kubernetes_94709cae0f","ext":".svg","mime":"image/svg+xml","size":11.32,"url":"/img/strapi/Kubernetes.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:16.514Z","updatedAt":"2024-08-02T14:36:16.514Z"}}}},{"id":30,"title":"Docker Standalone","ref":"https://docs.inigo.io/product/agent_installation/docker_standalone","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":28,"title":"Docker Compose","ref":"https://docs.inigo.io/product/agent_installation/docker_compose","icon":{"data":{"id":629,"attributes":{"name":"docker-icon-1024x739-rivf80b4 1.svg","alternativeText":"docker-icon-1024x739-rivf80b4 1.svg","caption":"docker-icon-1024x739-rivf80b4 1.svg","width":16,"height":16,"hash":"docker_icon_1024x739_rivf80b4_1_b9fe9b77d5","ext":".svg","mime":"image/svg+xml","size":4.68,"url":"/img/strapi/docker-icon-1024x739-rivf80b4_1.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:36:38.510Z","updatedAt":"2024-08-02T14:36:38.510Z"}}}},{"id":29,"title":"Local Daemon","ref":"https://docs.inigo.io/product/agent_installation/standalone_agent","icon":{"data":{"id":645,"attributes":{"name":"local.svg","alternativeText":"local.svg","caption":"local.svg","width":16,"height":16,"hash":"local_5ba2d666f4","ext":".svg","mime":"image/svg+xml","size":0.27,"url":"/img/strapi/local.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-23T14:39:16.170Z","updatedAt":"2024-08-23T14:39:16.170Z"}}}},{"id":31,"title":"Kong","ref":"https://docs.inigo.io/product/agent_installation/kong","icon":{"data":{"id":631,"attributes":{"name":"Kong.svg","alternativeText":"Kong.svg","caption":"Kong.svg","width":17,"height":16,"hash":"Kong_3c06a74bde","ext":".svg","mime":"image/svg+xml","size":4.34,"url":"/img/strapi/Kong.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:16.806Z","updatedAt":"2024-08-02T14:37:16.806Z"}}}},{"id":32,"title":"Google Cloud Apigee","ref":"https://docs.inigo.io/product/agent_installation/apigee","icon":{"data":{"id":632,"attributes":{"name":"API.svg","alternativeText":"API.svg","caption":"API.svg","width":16,"height":16,"hash":"API_5e1d30f296","ext":".svg","mime":"image/svg+xml","size":3.71,"url":"/img/strapi/API.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-08-02T14:37:26.601Z","updatedAt":"2024-08-02T14:37:26.601Z"}}}},{"id":33,"title":"Hasura","ref":"https://docs.inigo.io/product/agent_installation/hasura","icon":{"data":{"id":573,"attributes":{"name":"Hasura.svg","alternativeText":"Hasura.svg","caption":"Hasura.svg","width":32,"height":32,"hash":"Hasura_2beedf3588","ext":".svg","mime":"image/svg+xml","size":2.46,"url":"/img/strapi/Hasura.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-04-05T12:51:01.009Z","updatedAt":"2024-04-05T12:51:01.009Z"}}}}]}]},{"id":15,"Title":"Pricing","ref":"pricing","children":[]},{"id":20,"Title":"Docs","ref":"https://docs.inigo.io","children":[]},{"id":2,"Title":"Blog","ref":"blog","children":[]},{"id":11,"Title":"Learn","ref":null,"children":[{"id":79,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null,"icon":{"data":{"id":517,"attributes":{"name":"Tutorials.svg","alternativeText":"Tutorials.svg","caption":"Tutorials.svg","width":32,"height":32,"hash":"Tutorials_00ddeec014","ext":".svg","mime":"image/svg+xml","size":0.52,"url":"/img/strapi/Tutorials.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:22:42.230Z","updatedAt":"2024-02-01T16:22:42.230Z"}}},"children":[]},{"id":81,"title":"Inigo vs GraphOS","ref":"apollo-vs-inigo","description":null,"color":null,"icon":{"data":{"id":518,"attributes":{"name":"discovery.svg","alternativeText":"discovery.svg","caption":"discovery.svg","width":32,"height":32,"hash":"discovery_cea17bed6b","ext":".svg","mime":"image/svg+xml","size":1.58,"url":"/img/strapi/discovery.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:12.221Z","updatedAt":"2024-02-01T16:23:12.221Z"}}},"children":[]},{"id":77,"title":"Company","ref":"about","description":null,"color":null,"icon":{"data":{"id":515,"attributes":{"name":"blog.svg","alternativeText":"blog.svg","caption":"blog.svg","width":32,"height":32,"hash":"blog_1efe751850","ext":".svg","mime":"image/svg+xml","size":0.84,"url":"/img/strapi/blog.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:21:23.173Z","updatedAt":"2024-02-01T16:21:23.173Z"}}},"children":[]},{"id":80,"title":"Media \u0026 Webinars","ref":"media","description":null,"color":null,"icon":{"data":{"id":519,"attributes":{"name":"YouTube.svg","alternativeText":"YouTube.svg","caption":"YouTube.svg","width":32,"height":32,"hash":"You_Tube_7de9bfa780","ext":".svg","mime":"image/svg+xml","size":1.15,"url":"/img/strapi/YouTube.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-01T16:23:29.009Z","updatedAt":"2024-02-01T16:23:29.009Z"}}},"children":[]},{"id":94,"title":"Press","ref":"press","description":null,"color":null,"icon":{"data":{"id":174,"attributes":{"name":"press.svg","alternativeText":"press.svg","caption":"press.svg","width":24,"height":24,"hash":"press_784b5b1b4b","ext":".svg","mime":"image/svg+xml","size":1.69,"url":"/img/strapi/press.svg","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-01-26T16:40:35.744Z","updatedAt":"2023-01-26T16:40:35.744Z"}}},"children":[]}]}],"footerNavigation":[{"id":8,"Title":"Product","ref":null,"children":[{"id":22,"title":"In-Depth Observability","ref":"/observability","description":null,"color":null},{"id":72,"title":"Schema Registry","ref":"/managed_schema","description":null,"color":null},{"id":73,"title":"Multi-Layer Security","ref":"security","description":null,"color":null},{"id":74,"title":"GraphQL Explorer","ref":"explorer","description":null,"color":null}]},{"id":19,"Title":"Solutions ","ref":null,"children":[{"id":103,"title":"Inigo's GraphQL Router","ref":"gateway","description":null,"color":null},{"id":96,"title":"Inigo’s Apollo Plugin","ref":"byog","description":null,"color":null},{"id":97,"title":"Inigo’s GraphQL Middleware","ref":"byos","description":null,"color":null},{"id":98,"title":"API Gateway Integration","ref":"api-gateway","description":null,"color":null}]},{"id":16,"Title":"Learn","ref":null,"children":[{"id":70,"title":"Blog","ref":"blog","description":null,"color":null},{"id":71,"title":"Docs","ref":"https://docs.inigo.io","description":null,"color":null},{"id":69,"title":"Tutorials","ref":"https://docs.inigo.io/tutorials/tutorials_part_1","description":null,"color":null},{"id":75,"title":"Inigo vs. GraphOS","ref":"apollo-vs-inigo","description":null,"color":null},{"id":76,"title":"Media \u0026 Webinars","ref":"media","description":null,"color":null},{"id":95,"title":"Press","ref":"press","description":null,"color":null}]},{"id":6,"Title":"Company","ref":null,"children":[{"id":64,"title":"About us","ref":"about","description":null,"color":null},{"id":104,"title":"Legal","ref":"legal","description":null,"color":null},{"id":99,"title":"Reddit","ref":"https://reddit.com/user/InigoGraphQL","description":null,"color":null},{"id":100,"title":"LinkedIn","ref":"https://www.linkedin.com/company/inigo","description":null,"color":null},{"id":102,"title":"GitHub","ref":"https://github.com/inigolabs","description":null,"color":null},{"id":101,"title":"Contact us","ref":"https://landing.inigo.io/demo","description":null,"color":null}]}],"banner":{"text":"Inigo Gateway: The Next Evolution in GraphQL Management","link":"https://inigo.io/blog/inigo-gateway","createdAt":"2023-12-12T20:28:12.753Z","updatedAt":"2024-10-23T15:36:52.420Z","publishedAt":"2023-12-12T20:28:13.815Z"},"data":[{"id":57,"attributes":{"title":"GraphQL Schema Checks with GitHub Actions","author":"Nikolai Kaploniuk","text":"In a recent blog post, [4 Ways to Perform GraphQL Schema Checks with Inigo](https://inigo.io/blog/4-ways-to-perform-graphql-schema-checks-with-inigo), we explored the benefits of data-driven GraphQL backward compatibility during schema checks and shared insights into when and where to run them.\n\nToday, we’re thrilled to announce **Inigo’s GraphQL Schema Checks GitHub Action**—available now at GitHub. With this integration, schema changes and errors are surfaced directly in [GitHub](https://github.com/inigolabs/github-action) pull requests, enabling seamless checks for:\n\n- Composition errors\n- Linting issues\n- Breaking changes\n\n## Why It’s a Game-Changer\nIntegrating schema checks into your GitHub pull request workflow means developers can catch errors earlier in the development process. By showing issues—like breaking changes—right alongside your code, this action dramatically improves developer experience and reduces the risk of introducing schema-breaking updates.\nFor example, linting errors are displayed directly within GitHub:\n![Blog _ GraphQL Schema Checks with GitHub Actions Example.webp](/uploads/Blog_Graph_QL_Schema_Checks_with_Git_Hub_Actions_Example_477d605a3c.webp)\n\n\n## How to Get Started\nSetting up the Inigo GitHub Action is quick and easy. Just add the following to your GitHub Actions workflow file:\n```\n - name: Inigo GraphQL\n uses: inigolabs/github-action@main\n with:\n username: ${{ secrets.INIGO_USERNAME }}\n password: ${{ secrets.INIGO_PASSWORD }}\n path: configs/*.yml\n```\n\nFor detailed step-by-step instructions, visit our guide [here](https://docs.inigo.io/reference/cli/github_action).\n\nWith **Inigo’s GraphQL Schema Checks GitHub Action**, you can empower your team to deliver robust, backward-compatible GraphQL APIs while enhancing your CI/CD pipeline efficiency. Try it today and see how seamless schema management can be!","short_text":"\u003cp\u003eWith this integration, schema changes and errors are surfaced directly in GitHub pull requests.\u003c/p\u003e\n","createdAt":"2024-11-18T22:17:52.938Z","updatedAt":"2024-11-19T04:52:58.253Z","publishedAt":"2024-11-19T04:40:31.613Z","path":"graphql-schema-checks-with-github-actions","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-11-19","keywords":"Inigo, GraphQL, Schema Checks, Github actions","cover":{"data":{"id":684,"attributes":{"name":"Blog - GraphQL Schema Checks with GitHub Actions.webp","alternativeText":"Blog - GraphQL Schema Checks with GitHub Actions.webp","caption":"Blog - GraphQL Schema Checks with GitHub Actions.webp","width":2100,"height":900,"hash":"Blog_Graph_QL_Schema_Checks_with_Git_Hub_Actions_9fb0538564","ext":".webp","mime":"image/webp","size":27.44,"url":"/img/strapi/Blog_-_GraphQL_Schema_Checks_with_GitHub_Actions.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-11-19T04:38:59.521Z","updatedAt":"2024-11-19T04:38:59.521Z"}}},"related":[]}},{"id":56,"attributes":{"title":"Proposal the @imminent Directive: Future-Proofing GraphQL API Changes","author":"Nikolai Kaploniuk","text":"As GraphQL adoption grows, evolving API schemas without breaking existing clients becomes increasingly important. In particular, backward compatibility poses unique challenges when introducing required fields for **input types** and **arguments**. Currently, while GraphQL provides a method for deprecating fields in types and interfaces, there’s no straightforward way to signal that a field will soon become required for inputs.\n\nTo solve this, we propose the ```@imminent``` directive—a new way to communicate upcoming changes that allows clients to prepare for new required fields before they’re enforced. Here’s how it works and why it could be a game-changer for maintaining backward compatibility in GraphQL APIs.\n\n## GraphQL Inputs vs. Outputs: Compatibility Differences\nGraphQL schemas can be divided into inputs and outputs:\n- **Inputs:** Represent the data clients send to the API, which includes arguments on queries and mutations and input types. Changes to inputs directly affect how clients structure their requests.\n- **Outputs:** Represent the data returned by the API, covering fields in types and interfaces. Output changes are less risky since they’re explicitly requested by clients.\n\nManaging backward compatibility differs for each category, especially since outputs allow more flexibility than inputs when evolving a schema. Let’s explore how these differences impact schema evolution.\n\n### Backward Compatibility for Outputs\nWhen updating output fields, the process for maintaining compatibility is well-established:\n- **Adding Fields:** Adding new fields to outputs (types and interfaces) is non-breaking, as clients explicitly request fields they need in GraphQL.\n- **Deprecating Fields:** If an output field needs to be removed, it’s best to mark it as deprecated. This provides clients with a grace period to adjust queries, allowing you to eventually phase out unused or legacy fields.\n\n### Backward Compatibility Challenges for Inputs\nWhen working with input fields, the situation is trickier, especially for required fields:\n- **Adding Optional Fields:** Adding optional fields to inputs (input types and arguments) is generally safe and doesn’t impact clients that don’t use them.\n- **Adding Required Fields:** However, adding a required field to an input without warning disrupts clients that haven’t included it in their requests, leading to errors and API breakages. There’s currently no clear, non-breaking way to introduce required fields.\n\n## The Solution: The @imminent Directive\nTo address these challenges, we propose the ```@imminent``` directive as a way to signal to clients that an optional field will soon be required. The @imminent directive allows developers to make their intentions clear, providing a transition period where clients can start including the field before it’s enforced as required.\n\n### How to Use the @imminent Directive\nConsider the following example:\n```\ninput UpdateUserInput {\n email: String\n phoneNumber: String @imminent\n}\n```\n\nIn this schema, the ```phoneNumber``` field is marked with the ```@imminent``` directive, signaling that it will soon be mandatory. This allows developers and clients to proactively adjust their implementations, making the eventual transition to a required field smoother and less disruptive.\n\n### Why the @imminent Directive Matters\nThe ```@imminent``` directive brings several benefits for GraphQL API management:\n1. **Advanced Notice:** Signals to client developers that they should start including the marked fields in requests.\n2. **Tooling and IDE Support:** Once widely adopted, IDEs and tools can alert developers about ```@imminent``` fields, making it easier to stay informed of upcoming changes.\n3. **Safer Schema Evolution:** Allows API providers to manage change without forcing sudden breaks on clients, creating a gradual path for introducing new required fields.\n\n## How the @imminent Directive Complements Existing GraphQL Practices\nThe ```@imminent``` directive provides a structured approach to schema evolution, enabling safer and more predictable changes, especially in API environments with a large client base. Here’s how it fits alongside current practices:\n- **Deprecation for Outputs:** Just as fields in outputs can be deprecated, ```@imminent``` allows a similar warning system for inputs.\n- **Gradual Schema Evolution:** With ```@imminent```, schema changes can be introduced gradually, giving client developers time to adapt and reducing the risk of compatibility issues.\n\n## Looking Ahead\nThe ```@imminent``` directive offers a promising approach for handling input field changes in GraphQL. By signaling upcoming requirements, developers can future-proof their APIs while avoiding sudden disruptions to client integrations. As the GraphQL ecosystem evolves, this directive could become a standard in schema design, providing clearer communication between API providers and consumers.\n\n### Getting Started with Inigo for GraphQL Schema Management\nFor teams looking to implement robust schema management, Inigo offers a suite of GraphQL tools to simplify compatibility checks and schema monitoring. With features like automated backward compatibility checks and schema visualization, Inigo helps ensure a stable and future-ready API. Start exploring Inigo to see how you can make schema evolution a smoother process for your team and your API consumers.\n\n","short_text":"\u003cp\u003eA new way to communicate upcoming changes that allows clients to prepare for new required fields before they’re enforced\u003c/p\u003e\n","createdAt":"2024-11-11T23:27:47.537Z","updatedAt":"2024-11-12T22:55:57.679Z","publishedAt":"2024-11-12T22:55:57.675Z","path":"imminent-directive-future-proofing-graphql-api-changes","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-11-12","keywords":"Inigo, GraphQL, Gateway, Federation, Directives, imminent","cover":{"data":{"id":680,"attributes":{"name":"Proposal - imminent Directive Future-Proofing GraphQL API Changes.webp","alternativeText":"Proposal - imminent Directive Future-Proofing GraphQL API Changes.webp","caption":"Proposal - imminent Directive Future-Proofing GraphQL API Changes.webp","width":2100,"height":900,"hash":"Proposal_imminent_Directive_Future_Proofing_Graph_QL_API_Changes_a4a47f8ea5","ext":".webp","mime":"image/webp","size":29.4,"url":"/img/strapi/Proposal_-_imminent_Directive_Future-Proofing_GraphQL_API_Changes.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-11-12T22:55:30.631Z","updatedAt":"2024-11-18T20:24:11.209Z"}}},"related":[]}},{"id":55,"attributes":{"title":"4 Ways to Perform GraphQL Schema Checks with Inigo","author":"Shahar Binyamin","text":"For organizations leveraging GraphQL, ensuring backward compatibility in schema changes is crucial. Breaking changes can disrupt client functionality and create maintenance overhead. With Inigo, backward compatibility scheme checks become a streamlined, integrated part of your development workflow, ensuring your APIs remain stable and reliable.\n\n## 1. Using the Inigo Dashboard UI\nThe [Inigo Dashboard](https://app.inigo.io) offers a clear, step-by-step way to visualize schema changes and manage compatibility directly in the interface. Ideal for those looking to explore impact before code commits:\n\n- **Step 1:** Log in to the [Inigo Dashboard](https://app.inigo.io).\n- **Step 2:** Access the Schema View.\n- **Step 3:** Locate the specific field using the search or filter functions.\n\n![Inigo GraphQL - Schema Checks - Schema Fields.png](/uploads/Inigo_Graph_QL_Schema_Checks_Schema_Fields_8f2af59e54.png)\n\n- **Step 4:** Apply filters to view data limited to this field.\n- **Step 5:** Check field usage over the past 30 days, giving you an instant view of how your changes affect current usage.\n\n![Inigo GraphQL - Schema Checks - Filter By Field.png](/uploads/Inigo_Graph_QL_Schema_Checks_Filter_By_Field_438c59db2f.png)\n\n\n**Why This Works:** The Dashboard provides an instant overview of schema usage, so you can assess compatibility impact and reduce the risk of breaking changes across clients.\n\n## 2. Using GitHub Actions for Automated Checks\nInigo’s GitHub Actions integration brings automated schema compatibility checks into your CI/CD pipeline. This method is perfect for developers seeking hands-off compatibility verification:\n\n- **Step 1:** Commit your code and create a pull request. Inigo’s schema check automatically kicks off within your CI/CD process.\n- **Step 2:** Review the compatibility report generated after the CI job, highlighting any issues with backward compatibility.\n\n**Why This Works:** Integrating Inigo with GitHub Actions means that compatibility checks are embedded directly into your version control. Developers receive immediate feedback on their changes, helping them catch and fix issues early, without manual intervention.\n\n## 3. Using the Inigo CLI for Local Schema Checks\nThe Inigo CLI provides instant compatibility validation from your terminal. Perfect for developers wanting quick feedback without needing a full CI run.\n\n- **Step 1:** Open your terminal and run [inigo check](https://docs.inigo.io/reference/cli/commands/check).\n- **Step 2:** Review the compatibility feedback on schema changes and adjust as needed before code commit.\n\n**Why This Works:** The CLI is ideal for quick, local checks, allowing you to catch and resolve compatibility issues early in the development process.\n\n## 4. Coming Soon: VS Code Integration\nFor real-time, in-editor compatibility checks, Inigo’s upcoming VS Code extension will provide developers with instant feedback within their favorite IDE:\n- **Hover Over a Field:** Developers can simply hover over any GraphQL field in their codebase.\n- **View Usage Insights and Warnings:** Inigo will display field usage insights directly in VS Code, providing immediate visibility on compatibility concerns.\n\n**Why This Works:** The VS Code integration removes context-switching, providing real-time, in-IDE feedback so you can catch compatibility issues as you work, streamlining development and increasing productivity.\n\n## Final Thoughts\nSchema checks and specifically backward compatibility is a cornerstone of robust API management. With [Inigo’s suite of tools](https://app.inigo.io)—from the intuitive Dashboard UI and automated GitHub Actions to the CLI and upcoming VS Code integration—developers can seamlessly incorporate compatibility checks into their daily workflows, ensuring APIs that are stable, scalable, and consumer-friendly.\n\nGetting started with Inigo is simple: [sign up](https://app.inigo.io) for a free account to explore how these compatibility tools can enhance your GraphQL development process. Whether you’re just beginning to scale your GraphQL API or are managing complex schema versions, Inigo provides the insights and tools you need to maintain stability while evolving your API. \n\nStart your journey with Inigo today, and see how easy backward compatibility can be!","short_text":"\u003cp\u003eFor organizations leveraging GraphQL, ensuring schema check and backward compatibility in schema changes is crucial.\u003c/p\u003e\n","createdAt":"2024-11-09T21:48:28.841Z","updatedAt":"2024-11-12T00:49:43.300Z","publishedAt":"2024-11-12T00:39:54.816Z","path":"4-ways-to-perform-graphql-schema-checks-with-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-11-11","keywords":"Inigo, GraphQL, Gateway","cover":{"data":{"id":679,"attributes":{"name":"4 Ways to Perform GraphQL Schema Checks with Inigo.webp","alternativeText":"4 Ways to Perform GraphQL Schema Checks with Inigo.webp","caption":"4 Ways to Perform GraphQL Schema Checks with Inigo.webp","width":2100,"height":900,"hash":"4_Ways_to_Perform_Graph_QL_Schema_Checks_with_Inigo_d8a14e9e76","ext":".webp","mime":"image/webp","size":43.17,"url":"/img/strapi/4_Ways_to_Perform_GraphQL_Schema_Checks_with_Inigo.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-11-12T00:38:55.187Z","updatedAt":"2024-11-12T14:53:08.982Z"}}},"related":[]}},{"id":53,"attributes":{"title":"Announcing Inigo Gateway: The Next Evolution in GraphQL Management","author":"Shahar Binyamin","text":"Today, we're thrilled to announce the launch of Inigo Gateway, a groundbreaking advancement in GraphQL infrastructure management. Building on our success as a best-in-class security and observability plugin, we've expanded our offering to deliver a comprehensive, full-stack GraphQL Gateway solution.\n\n## From Plugin to Full-Fledged Gateway: The Inigo Journey\nOur journey began with a laser-focused mission: providing unparalleled security and observability for GraphQL APIs. As GraphQL adoption grew, so did the challenges of managing complex deployments at scale. Listening to our customers' evolving needs, we've transformed Inigo from a plugin into a full-featured GraphQL Gateway.\n\n## Inigo Gateway: A New Standard in GraphQL Management\nInigo Gateway represents a significant leap forward, combining our industry-leading security and observability features with powerful routing capabilities. Here's what sets our new Gateway apart:\n\n1. **High-Performance Routing:** Built with Go, Inigo Gateway processes millions of queries per second with minimal latency, optimizing your GraphQL operations like never before.\n2. **Advanced Multi-Layer Security:** We've expanded our security features to include query-based rate limiting, schema-based Role-Based Access Control (RBAC), and advanced protection against DoS and data scraping attacks.\n3. **Scalability for Any Deployment:** Whether you're running a single monolithic server or managing hundreds of federated subgraphs, Inigo Gateway scales effortlessly to meet your needs.\n4. **Flexible Deployment Options:** Choose between self-hosted deployment for maximum control or our new fully-managed SaaS solution for ease of use.\n5. **Broader Compatibility:** Inigo Gateway now integrates seamlessly with Kong, Apigee, and other major API gateways, supporting both Federation V1 \u0026 V2.\n6. **Native Subscription Support:** Manage GraphQL subscriptions out of the box, ensuring smooth real-time data flows for your applications.\n7. **Intelligent Schema Management:** Benefit from automated schema validation, version control, and safe schema evolution with diff analysis.\n\n## Why Inigo Gateway Stands Out\nIn an increasingly competitive market for API management solutions, Inigo Gateway stands out:\n\n- **Unified Architecture:** A comprehensive, GraphQL-specific feature set that eliminates the need for multiple disparate tools.\n- **Cost Efficiency:** Reduce infrastructure and licensing costs by consolidating your GraphQL management stack.\n- **Seamless Integration:** Whether you're migrating from another solution or starting fresh, Inigo Gateway integrates smoothly with your existing infrastructure.\n- **Enterprise-Ready:** With SOC 2 Type II certification and features like SSO, Inigo Gateway meets the most stringent enterprise requirements.\n\n## Real-World Impact\nEarly adopters of Inigo Gateway are already seeing significant benefits:\n\n- An e-commerce giant reduced API latency by 40% while strengthening their security posture.\n- A fintech company accelerated their development cycles by 30%, shipping new features faster and with greater confidence.\n- A social media startup seamlessly handled a 10x traffic spike during a viral event without service disruptions.\n\n## Embrace The Future of GraphQL Management\nWith the launch of Inigo Gateway, we're not just introducing a new product – we're ushering in a new era of GraphQL management. By combining high performance, robust security, comprehensive observability, and developer-friendly tools, Inigo Gateway empowers organizations to build, scale, and secure their GraphQL APIs with unprecedented ease and efficiency.\n\n## Getting Started with Inigo Gateway\nWe're excited to get Inigo Gateway into your hands. Here's how you can get started:\n1. Visit inigo.io to learn more about Inigo Gateway and its features.\n2. Sign up for a free trial to experience the power of Inigo Gateway firsthand.\n3. Check out our comprehensive documentation to dive deep into Inigo Gateway's capabilities.\n4. Join our community forum to connect with other developers and share your experiences.\n\nThe next chapter in GraphQL management is here, and it's powered by Inigo Gateway. Visit inigo.io today and take the first step towards a more efficient, secure, and scalable GraphQL future.\n","short_text":"\u003cp\u003eWe're thrilled to announce the launch of Inigo Gateway, a groundbreaking advancement in GraphQL infrastructure management.\u003c/p\u003e\n","createdAt":"2024-09-23T16:07:24.535Z","updatedAt":"2024-09-23T16:07:26.290Z","publishedAt":"2024-09-23T16:07:26.285Z","path":"inigo-gateway","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-09-23","keywords":"Inigo, GraphQL, Gateway","cover":{"data":{"id":675,"attributes":{"name":"Blog - Inigo Gateway.png","alternativeText":"Blog - Inigo Gateway.png","caption":"Blog - Inigo Gateway.png","width":2100,"height":900,"hash":"Blog_Inigo_Gateway_7b97f31f4d","ext":".png","mime":"image/png","size":819.82,"url":"/img/strapi/Blog_-_Inigo_Gateway.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-09-23T16:07:16.594Z","updatedAt":"2024-09-23T16:07:16.594Z"}}},"related":[]}},{"id":54,"attributes":{"title":"What is GraphQL? A Comprehensive Overview of GraphQL","author":"Shahar Binyamin","text":"GraphQL has transformed API design by enabling applications to fetch precisely the data they need, creating a more efficient and flexible approach to client-server communication. This guide dives into GraphQL's origins, explains how it works, and explores its benefits and best practices, along with insights from the development community.\n\n## What Is GraphQL?\nGraphQL is a query language and server-side runtime for APIs, designed to allow clients to specify exactly what data they need, avoiding over-fetching and under-fetching. Unlike traditional REST APIs, which are structured around multiple endpoints, GraphQL consolidates data requests into a single endpoint and query format, making it ideal for modern, complex applications. Facebook developed GraphQL in 2012 to improve data fetching for its mobile app, and it became open-sourced in 2015. Since then, GraphQL’s adoption has skyrocketed, driven by its efficiency, ease of use, and flexibility.\n\n### GraphQL as Middleware\nGraphQL acts as a middleware layer, connecting various data sources, such as databases, microservices, and even other APIs, and returning only the requested data to the client. It works as an abstraction layer, allowing developers to work independently of specific backend structures or databases.\n\n## How Does GraphQL Work?\nAt the core of GraphQL are schemas and resolvers, which together define the shape of the data available and how it’s accessed.\n\n### Schemas, Fields, Types, and Resolvers\nA GraphQL schema defines the types of data that can be queried, structured hierarchically to reflect real-world relationships. Each schema field has a resolver function that fetches data, handles processing, and returns the final data to the client. This approach gives developers the power to connect disparate data sources without tightly coupling them to the frontend.\n\nExample Schema:\n```\ntype Query {\n product: Product\n}\n\ntype Product {\n name: String\n price: Float\n manufacturer: Manufacturer\n}\n\ntype Manufacturer {\n name: String\n country: String\n}\n```\n\n### GraphQL Operations: Queries and Mutations\n- **Queries** retrieve data (similar to REST’s GET).\n- **Mutations** allow for data modification, similar to POST, PUT, or DELETE in REST.\n- **Subscriptions** provide real-time data updates, helpful for live data monitoring.\n\n### Introspection and Discoverability\nGraphQL’s introspection feature allows developers to query the schema itself, making it easier to see available data types and relationships, promoting discoverability. Tools like Apollo Studio leverage this feature, giving developers a clear view of API capabilities.\n\n## GraphQL vs. REST\n### Why Choose GraphQL Over REST?\nREST APIs, while widely used, come with challenges like over-fetching, under-fetching, and complex versioning. GraphQL offers a single endpoint for data requests, enabling clients to ask only for what they need, reducing both payload size and network load. Instead of managing many endpoints, developers define a schema, which is like a contract between client and server, ensuring clients receive predictable data.\n\n### Comparison\nOver-fetching and Under-fetching: GraphQL addresses these issues by allowing precise, single-query requests, unlike REST, which often requires multiple calls.\nStrong Typing: GraphQL’s schema defines strict types, helping prevent errors and creating a stable API that’s easy to extend without breaking changes.\nNo Versioning Needed: GraphQL schemas can be updated incrementally without the need for versioning, as clients only request specific fields.\n\n## When Should You Use GraphQL?\n### Ideal Use Cases for GraphQL\n1. **Mobile and Web Applications:** With its low network footprint and precise data fetching, GraphQL is well-suited for mobile apps where bandwidth is a concern.\n2. **Real-Time Data Dashboards:** Subscriptions make GraphQL effective for real-time data monitoring.\n3. **Microservices and Data Aggregation:** GraphQL simplifies aggregating data from various microservices into one query, allowing for efficient data access in complex architectures.\n4. **Prototyping and Frontend Development:** By decoupling backend and frontend work, GraphQL enables frontend teams to work independently, accelerating development.\n\n## GraphQL Best Practices\n### 1. Ensure Naming Consistency in the Schema\nUse clear and consistent naming conventions, such as camelCase for fields and PascalCase for types, to prevent confusion across the schema.\n\n### 2. Plan for Future Modifications\nDesign schemas to be flexible, allowing for future additions without breaking existing queries. GraphQL’s type system supports deprecation, making schema evolution easier.\n\n### 3. Use Logical Fragments\nFragments enable reusable query components but should be used thoughtfully to maintain readability and avoid unnecessary complexity.\n\n### 4. Avoid Hard-Coded Arguments\nUse variables instead of hard-coded values to enhance security, readability, and caching efficiency.\n\n### 5. Establish an Error Handling Plan\nImplement structured error handling from the beginning to ensure the app can handle failures gracefully, helping identify and recover from issues quickly.\n\n## Benefits of GraphQL\nGraphQL offers several advantages over REST:\n\n- **No Over-fetching/Under-fetching:** Clients request specific data, reducing payload size.\n- **Low Network Footprint:** Consolidating data requests into a single query minimizes network traffic.\n- **Evolving APIs Without Versioning:** GraphQL schemas can be updated incrementally, as clients only request specific fields, reducing the need for strict versioning.\n- **Strong Typing:** With strict types, GraphQL APIs are stable and predictable, enhancing error prevention.\n- **Rich Tooling Ecosystem:** Tools like Apollo Client and GraphiQL make GraphQL development accessible and efficient, providing debugging and introspection capabilities.\n\n## FAQs About GraphQL\n**What is GraphQL?** GraphQL is a query language and runtime for APIs that allows clients to fetch specific data from a single endpoint, created by Facebook to address limitations in REST APIs.\n\n**How does GraphQL differ from REST?** GraphQL allows clients to specify exactly the data they need, unlike REST, which often requires multiple endpoints or returns too much data.\n\n**Can GraphQL work with any data source?** Yes, GraphQL is agnostic of data sources and can pull data from databases, REST APIs, microservices, or even JSON files through resolvers.\n\n**What is Inigo GraphQL?** Inigo GraphQL offers a platform to manage GraphQL queries with enhanced performance features, caching, and error handling, ideal for large-scale applications.\n\n**Does GraphQL require a specific database?** No, GraphQL doesn’t require any particular database; it works as an abstraction layer over various data sources.\n\n**Why is GraphQL popular?** GraphQL offers precise data fetching, reduces network load, and supports real-time updates, making it efficient and ideal for modern applications.\n\nGraphQL has become a preferred API solution in many sectors due to its flexibility and performance benefits. By following best practices and leveraging tools like Inigo GraphQL, developers can unlock GraphQL’s full potential, making it an excellent choice for scalable, data-driven applications.\n","short_text":"\u003cp\u003eGraphQL has become a preferred API solution in many sectors due to its flexibility and performance benefits.\u003c/p\u003e\n","createdAt":"2024-10-30T22:27:40.450Z","updatedAt":"2024-10-31T17:44:29.506Z","publishedAt":"2024-10-30T22:29:30.455Z","path":"what-is-graphql","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-08-01","keywords":"Inigo, GraphQL, Gateway","cover":{"data":{"id":676,"attributes":{"name":"Blog _ What is GraphQL_.webp","alternativeText":"Blog _ What is GraphQL_.webp","caption":"Blog _ What is GraphQL_.webp","width":2100,"height":900,"hash":"Blog_What_is_Graph_QL_074882a5de","ext":".webp","mime":"image/webp","size":25.74,"url":"/img/strapi/Blog___What_is_GraphQL_.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-10-31T17:44:10.535Z","updatedAt":"2024-10-31T17:44:10.535Z"}}},"related":[]}},{"id":52,"attributes":{"title":"Inigo Recognized in Gartner's Hype Cycle for APIs, 2024","author":"Shahar Binyamin","text":"We are excited to announce that Inigo has been recognized as a leading GraphQL vendor in the 2024 Gartner Hype Cycle for APIs. This acknowledgment highlights the growing significance of specialized GraphQL tools in the API management landscape and solidifies Inigo’s position as an industry leader.\n\nThe Gartner Hype Cycle is a trusted resource for technology leaders, offering insights into the maturity and adoption of various technologies. Our inclusion in this report signifies that Inigo is at the forefront of addressing the unique challenges and opportunities presented by GraphQL in enterprise environments.\n\n## Key Insights from the Gartner Hype Cycle\n1. **Infrastructure Requirements:** Gartner emphasizes that GraphQL necessitates additional infrastructure, such as GraphQL servers and gateways, which often exceeds the capabilities of typical API management tools. Inigo directly addresses this challenge by providing comprehensive GraphQL-specific features that integrate seamlessly with existing API management solutions like [Kong](https://inigo.io/blog/kong-plugin) and [Apigee](https://inigo.io/blog/google-cloud-inigo).\n2. **Vendor Support Evaluation:** The report recommends evaluating API management vendor support for GraphQL. Inigo stands out in this regard, offering robust support for the entire GraphQL API lifecycle, from design to deployment and management.\n3. **Community of Practice:** Gartner advises organizations to adopt community-of-practice approaches to mentor developers in GraphQL. Inigo's platform serves as an excellent foundation for building such communities, offering tools and features that align with GraphQL best practices and facilitate knowledge sharing.\n4. **Adoption Challenges:** The report highlights obstacles to GraphQL adoption, including additional costs, training needs, and new processes. Inigo tackles these challenges head-on by streamlining API development, accelerating adoption, and reducing overall costs.\n\n\u003eGraphQL APIs require investment in building, managing and operating additional infrastructure beyond typical API management tools. For example, they require a GraphQL server-side runtime for executing queries, implying additional costs, personnel and processes.\n\nFind out more about where GraphQL fits into your enterprise API strategy in [Gartner’s Hype Cycle for APIs, 2024](https://www.gartner.com/en/documents/5551595).\n\n## Conclusion\nAs GraphQL continues to gain traction in the enterprise space, Inigo is proud to be recognized by Gartner as a vendor helping to shape the future of API management. We remain committed to innovating and providing solutions that empower organizations to harness the full potential of GraphQL in their API strategies.\n\nFor more information on how Inigo can support your GraphQL journey, [contact our team](https://landing.inigo.io/demo).\n","short_text":"\u003cp\u003eInigo is recognized in the 2024 Gartner Hype Cycle for APIs as a leading GraphQL vendor.\u003c/p\u003e\n","createdAt":"2024-07-15T19:37:20.932Z","updatedAt":"2024-07-29T20:11:50.047Z","publishedAt":"2024-07-15T22:35:19.120Z","path":"inigo-gartner-API-hype-cycle-2024","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-07-15","keywords":"Inigo, GraphQL, Gartner, API, Hype 2024","cover":{"data":{"id":608,"attributes":{"name":"Blog _ Inigo Recognized in Gartner's Hype Cycle for APIs, 2028.webp","alternativeText":"Blog _ Inigo Recognized in Gartner's Hype Cycle for APIs, 2028.webp","caption":"Blog _ Inigo Recognized in Gartner's Hype Cycle for APIs, 2028.webp","width":2100,"height":900,"hash":"Blog_Inigo_Recognized_in_Gartner_s_Hype_Cycle_for_AP_Is_2028_22cedcd10a","ext":".webp","mime":"image/webp","size":109.86,"url":"/img/strapi/Blog___Inigo_Recognized_in_Gartner's_Hype_Cycle_for_APIs,_2028.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-07-15T22:35:12.076Z","updatedAt":"2024-07-15T22:35:12.076Z"}}},"related":[]}},{"id":51,"attributes":{"title":"Deliver Software Faster with GraphQL and Inigo: Whitepaper Preview","author":"Eric Murphy","text":"\u003e Get the entire 10-page whitepaper [here](https://landing.inigo.io/whitepaper). This blog is a preview of the content.\n\nThe dream of a rapid software release cycle—with daily or even hourly updates—is vital for accelerating development and reducing the time to market for new features. As the core of modern software feature delivery, APIs require agile and automated API testing and lifecycle management for sustained rapid releases.\n\nDespite its widespread adoption, the traditional REST API model struggles under the pressures of fast iteration. REST necessitates multiple endpoints and versions, which complicates the management process and hampers the evolution of APIs. Moreover, REST and OpenAPI specifications only allow for deprecation through documentation rather than as an integral part of the API specification itself. This becomes increasingly cumbersome when managing microservices, backends for frontend services (BFFs), and API gateways, as the challenges of REST are multiplied across various deployment targets.\n\n## Enter GraphQL: A Powerful Solution for API Management\n\nGraphQL offers a powerful alternative that is transforming API management at scale. Unlike REST, GraphQL supports iterative development and automated testing, which are critical for rapid development environments. Its unique features enable streamlined API evolution, making it a preferred choice for modern software projects.\n\n### Improved API Flexibility and Evolution\n\nGraphQL APIs are designed for iterative development and accommodate any GraphQL consumer. This flexibility allows consumers to query only the needed data without needing multiple API endpoints. The deprecation of types and fields is natively integrated into the GraphQL schema, eliminating the need for traditional versioning and significantly streamlining API lifecycle management. Developers can evolve the GraphQL schema, deploying numerous iterations over time while maintaining a seamless API consumer experience.\n\nGraphQL’s schema-driven development enables teams to iterate quickly without the overhead of maintaining multiple versions. This is particularly beneficial in microservices architectures where services are frequently updated. With REST, each update might require new endpoints or versions, leading to a proliferation of endpoints and an increased maintenance burden. In contrast, GraphQL’s single endpoint model simplifies the architecture, making it easier to manage and evolve.\n\n### Better API Testing Using Breaking Change Checks\n\nGraphQL simplifies API testing by leveraging actual usage data from GraphQL clients, a feature called Breaking Change Checks. This approach collects detailed API usage metrics, such as type and field usage over a specific period, to proactively identify potential disruptions. This method allows for daily API changes without needing coordination with API consumers unless a breaking change is necessary. Breaking Change Checks empowers developers to confidently and frequently implement API modifications, as shown in Figure 1.\n\nBy analyzing real-time usage data, Breaking Change Checks provides a safety net that REST APIs lack. GraphQL’s introspection capabilities and client usage metrics ensure that changes are made with a clear understanding of their impact, reducing the risk of breaking changes and enhancing the API's stability.\n\n![breaking-change-flow.png](/uploads/breaking_change_flow_baec15beff.png)\n\n**Figure 1. Breaking Change Checks in Practice**\n\nInigo [supports Breaking Change Checks](https://docs.inigo.io/product/schema_management/checks) as part of its broader GraphQL API Lifecycle management capabilities, including Operational Checks against field-level API usage history.\n\n## Conclusion\n\n\u003e Get the entire 10-page whitepaper [here](https://landing.inigo.io/whitepaper). This blog is a preview of the content.\n\nFor all of the steps of GraphQL adoption, Inigo provides the tools, services, and expertise to shorten the adoption timeframe and help implement GraphQL best practices from Day 1. To understand everything that Inigo offers, see the [Product Datasheet](https://inigo.io/overview) and [schedule a demo](https://inigo.io/demo) to see Inigo in action! \n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eGraphQL offers a powerful alternative that is transforming API management at scale. Unlike REST, GraphQL supports iterative development and automated testing, which are critical for rapid development environments. Its unique features enable streamlined API evolution, making it a preferred choice for modern software projects. Inigo is the perfect choice for helping your team move from REST to GraphQL.\u003c/p\u003e\n","createdAt":"2024-06-26T18:52:26.647Z","updatedAt":"2024-07-17T03:08:43.383Z","publishedAt":"2024-07-08T20:56:11.239Z","path":"deliver-software-faster","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-07-10","keywords":"Inigo, GraphQL, DevOps","cover":{"data":{"id":609,"attributes":{"name":"Blog _ Deliver Software Faster with GraphQL and Inigo.webp","alternativeText":"Blog _ Deliver Software Faster with GraphQL and Inigo.webp","caption":"Blog _ Deliver Software Faster with GraphQL and Inigo.webp","width":2100,"height":900,"hash":"Blog_Deliver_Software_Faster_with_Graph_QL_and_Inigo_895bac1167","ext":".webp","mime":"image/webp","size":33.17,"url":"/img/strapi/Blog___Deliver_Software_Faster_with_GraphQL_and_Inigo.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-07-17T03:08:39.215Z","updatedAt":"2024-07-17T03:08:39.215Z"}}},"related":[]}},{"id":50,"attributes":{"title":"Google Cloud and Inigo: Innovate with GraphQL","author":"Eric Murphy","text":"We are thrilled to announce a partnership between Inigo and Google Cloud. This collaboration leverages both companies' strengths to provide unparalleled GraphQL observability, security, and scalability for developers and enterprises building GraphQL APIs that run on Google Cloud. This partnership enables Google Cloud users to accelerate API transformation initiatives and ignite innovation with GraphQL APIs.\n\n## How Inigo Accelerates Your API Transformation on Google Cloud\n\nAPIs are the lifeblood of enterprise applications, and having modern and flexible APIs brings a competitive advantage — this is where GraphQL shines. Using Inigo on Google Cloud will accelerate your API transformation initiatives with:\n\n* **Unified Management:** Manage all GraphQL APIs in your organization with enhanced visibility and control, integrating seamlessly with your existing Google Cloud and Apigee infrastructure.\n* **Optimization:** Achieve optimal API performance with real-time analytics, monitoring, and alerting, proactively identifying and addressing issues with your GraphQL services.\n* **Enhanced Security:** Protect your GraphQL APIs with advanced security features, ensuring compliance with client authorization and safeguards against threats.\n\n## Google Cloud Supports Flexible, Scalable, and Cost-Effective GraphQL Deployments\n\nIn tandem with Inigo, Google Cloud makes it easy to run and manage GraphQL API services on GKE, Cloud Run, Cloud Functions, and Apigee:\n\n* **Google Kubernetes Engine (GKE):** Provides a robust, scalable, and fully managed Kubernetes service, enabling developers to orchestrate containerized GraphQL services with enterprise-grade reliability.\n* **Cloud Run:** Allows developers to deploy and run containerized GraphQL services in a fully managed environment. With automatic scaling from zero to N, Cloud Run ensures that your APIs are always available and you only pay for the resources you use.\n* **Cloud Functions:** Run GraphQL APIs as pay-per-use functions for outstanding cost efficiency and scalability.\n* **Apigee:** Enables secure, scalable, and reliable APIs with traffic management, security policies, and developer tools to control any API within your cloud.\n\nWhether your organization uses GKE, Cloud Run, Cloud Functions, and/or Apigee, Inigo offers an easy integration and adoption path. Your teams can immediately leverage Inigo's benefits for their GraphQL APIs.\n\n## Advanced GraphQL Management with Apigee and Inigo\n\nInigo [seamlessly integrates with the Apigee API gateway](https://inigo.io/blog/apigee-inigo), bringing the best of both worlds by extending it with advanced GraphQL API management features, such as:\n\n* **Granular Analytics:** Real-time insights with tree views, heat maps, and operation metrics.\n* **Robust Security:** Enhanced security through authorization using role-based access control, field-level rate limiting, and operation limits.\n* **Comprehensive Schema Management:** Track schema changes with SDL navigator and diff view, ensuring consistency and auditability.\n* **Easy Integration:** Inigo facilitates smooth integration with Apigee, enabling it to observe and control GraphQL queries running through Apigee’s API gateway.\n\n## Accelerate GraphQL API Development\n\nInigo simplifies and accelerates GraphQL API development in Google Cloud by providing the following:\n\n* **Automated API Deployments:** Utilize GitOps workflows with YAML policies and CLI integration for consistent and automated GraphQL API deployments.\n* **Quality Assurance:** Automate checks for GraphQL schema changes to reduce the risk of breaking API changes for GraphQL clients.\n* **Collaboration Tools:** Use Schema Linting to standardize schema formatting and naming conventions. Construct, save, and share GraphQL queries using Inigo’s Explorer GraphQL IDE.\n\n## Google Gemini-Powered GraphQL Observability\n\nWhen combining Google Gemini's AI services, Inigo provides a transformative advancement in API observability by leveraging AI to enhance developer interactions.\n\n* **Integrate Large Language Models (LLMs):** Inigo integrates the Google Gemini LLM to enhance GraphQL observability with additional capabilities.\n* **Enable Natural Language Queries:** Improve developer productivity by enabling natural language queries for complex GraphQL insights.\n* **Insightful API Optimization:** Identify areas for improvement, such as deprecated APIs and potential performance improvements.\n\n## Inigo’s SaaS Runs on Google Cloud\n\nInigo’s GraphQL management SaaS, powered by Google Kubernetes Engine (GKE) and Cloud Run, offers these advantages for Inigo’s users:\n\n* **Scalability:** Inigo automatically scales its backplane services based on demand, improving performance while introducing cost savings passed on to customers.\n* **Reliability:** With Google Cloud's robust infrastructure, Inigo ensures high availability and disaster recovery; Inigo is always available to users.\n* **Networking:** Deployed Inigo agents connect to the Inigo backplane services over Google’s worldwide private network for improved connectivity and reliability for Google Cloud users.\n\n## Learn More and Next Steps\n\nVisit our [partner page on Google Cloud](https://cloud.google.com/find-a-partner/partner/inigo-graphql) to learn more about how Inigo on Google Cloud can revolutionize your GraphQL API management and accelerate API transformation initiatives.\n\n**Ready to take the next steps with Inigo + Apigee?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eWe are thrilled to announce a partnership between Inigo and Google Cloud. This collaboration leverages both companies' strengths to provide unparalleled GraphQL observability, security, and scalability for developers and enterprises building GraphQL APIs that run on Google Cloud. This partnership enables Google Cloud users to accelerate API transformation initiatives and ignite innovation with GraphQL APIs.\u003c/p\u003e\n","createdAt":"2024-05-30T22:54:00.713Z","updatedAt":"2024-05-31T23:25:13.615Z","publishedAt":"2024-05-31T22:38:21.619Z","path":"google-cloud-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-06-01","keywords":"Inigo, Google Cloud, Apigee, GraphQL","cover":{"data":{"id":605,"attributes":{"name":"Inigo Google Cloud.webp","alternativeText":"Inigo Google Cloud.webp","caption":"Inigo Google Cloud.webp","width":2100,"height":900,"hash":"Inigo_Google_Cloud_a1b9638e09","ext":".webp","mime":"image/webp","size":38.36,"url":"/img/strapi/Inigo_Google_Cloud.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-05-31T22:38:06.446Z","updatedAt":"2024-06-03T19:21:09.375Z"}}},"related":[]}},{"id":49,"attributes":{"title":"Introducing the Inigo Kong Plugin: Elevate Your Kong Gateway’s GraphQL API Management","author":"Eric Murphy","text":"We are excited to announce the upcoming release of the Inigo Kong Plugin, designed to provide deep GraphQL observability, security, and management for the Kong Gateway. As part of our commitment to enhancing the capabilities of API gateways, the Inigo Kong Plugin is set to revolutionize how you manage, observe, and secure your GraphQL APIs when running the Kong Gateway. Look for Inigo in the [Kong Plugin Hub](https://docs.konghq.com/hub/) soon, but if you’re ready to get started, contact us about an early-access trial (details below).\n\n## A New Level of GraphQL Observability and Security\n\nGraphQL has become a cornerstone of modern API architectures and introduces new observability, security, and management challenges. The Inigo Kong Plugin is precisely engineered to address these challenges, offering unparalleled insights and control over your GraphQL traffic.\n\n## How the Inigo Kong Plugin Stands Out\n\nWhile existing Kong GraphQL plugins like [Degraphql](https://docs.konghq.com/hub/kong-inc/degraphql/), [GraphQL Proxy Caching Advanced](https://docs.konghq.com/hub/kong-inc/graphql-proxy-cache-advanced/), and [GraphQL Rate Limiting Advanced](https://docs.konghq.com/hub/kong-inc/graphql-rate-limiting-advanced/) offer valuable functionalities, the Inigo Kong Plugin covers a different use case by providing a unified solution that goes deeper into observability, enhanced security, and more comprehensive management capabilities, makes it an ideal choice for organizations looking to take their GraphQL API management to the next level.\n\n## Out-of-the-Box Features with the Inigo Kong Plugin\n\nUsing the Inigo Kong Plugin instantly gives you access to a comprehensive suite of out-of-the-box features to streamline your GraphQL API management. These features include:\n\n* **Real-Time Analytics:** Monitor and analyze GraphQL traffic in real time, gaining insights into query performance and usage patterns. Identify slow queries, error rates, and user behaviors to optimize API performance.\n* **Security and Compliance:** Implement advanced security measures such as query protections, rate limiting, and user authentication while ensuring compliance.\nSchema Management: Use tools for schema introspection, validation, and linting to maintain the integrity and quality of your GraphQL schemas. Automatically detect and alert on breaking changes to avoid service disruptions.\n* **Developer Tools:** Leverage the Inigo CLI for configuration-as-code, CI/CD integrations, and automated testing to streamline development workflows. Facilitate continuous deployment and ensure all schema changes are tested and validated before going live.\n* **Integration and Extensibility:** Seamlessly integrate with existing tools and infrastructure, enabling flexible and scalable API management solutions.\n\n## Seamless Integration with Existing Kong Deployments\n\nOne of the key advantages of the Inigo Kong Plugin is its seamless integration with existing Kong deployments. This makes adopting Inigo using your current Kong Gateway infrastructure easy without requiring changes to the GraphQL services behind Kong. The plugin is designed to fit naturally into your existing setup, allowing you to leverage Inigo's advanced features without disrupting your current operations.\n\n![Kong Inigo Plugin Architecture](/uploads/kong_plugin_architecture_714a804354.webp)\n\n## Conclusion\n\nThe Inigo Kong Plugin represents a significant advancement in GraphQL observability, security, and management for the Kong Gateway. By leveraging the power of the Inigo agent and connecting to Inigo's cloud-based GraphQL management suite and developer tools, this plugin offers unique advantages that set it apart from existing solutions. We invite you to explore the benefits of the Inigo Kong Plugin and join our early access program to experience its capabilities firsthand. Stay tuned for more updates as we prepare for the official launch in the [Kong Plugin Hub](https://docs.konghq.com/hub/).\n\nFor more information and to request early access, please contact us at [sales@inigo.io](mailto:sales@inigo.io).\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eWe are excited to announce the upcoming release of the Inigo Kong Plugin, designed to provide deep GraphQL observability, security, and management for the Kong Gateway. As part of our commitment to enhancing the capabilities of API gateways, the Inigo Kong Plugin is set to revolutionize how you manage, observe, and secure your GraphQL APIs when running the Kong Gateway. Using the Inigo Kong Plugin instantly gives you access to a comprehensive suite of out-of-the-box features to streamline your GraphQL API management.\u003c/p\u003e\n","createdAt":"2024-05-21T22:17:01.069Z","updatedAt":"2024-05-21T22:19:44.870Z","publishedAt":"2024-05-21T22:19:44.866Z","path":"kong-plugin","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-05-22","keywords":"Inigo, Kong, Gateway","cover":{"data":{"id":603,"attributes":{"name":"kong-header.webp","alternativeText":"kong-header.webp","caption":"kong-header.webp","width":2100,"height":900,"hash":"kong_header_ca379594a2","ext":".webp","mime":"image/webp","size":112.56,"url":"/img/strapi/kong-header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-05-21T22:17:18.060Z","updatedAt":"2024-05-21T22:17:18.060Z"}}},"related":[]}},{"id":48,"attributes":{"title":"Safer Code-First GraphQL Development with Inigo’s Schema Checks and Linting","author":"Eric Murphy","text":"While schema-first development is a prevalent approach in GraphQL, an alternative method is gaining traction: code-first development. In this paradigm, developers craft resolver functions and data types upfront, with the GraphQL schema subsequently generated from this code. This methodology has its own set of benefits and complexities.\n\nOne notable advantage of code-first development is its familiarity with developers entrenched in coding practices. It empowers them with greater flexibility and control over the schema, allowing direct manipulation through code. Moreover, this approach fosters a nimble development process, facilitating rapid iteration and real-time feedback.\n\nNevertheless, code-first development has its challenges. Discrepancies between the schema and API consumers can be introduced without meticulous oversight. Moreover, documenting and communicating the schema changes to team members may require additional effort. Despite these hurdles, for teams comfortable with a code-centric approach, code-first development remains a viable strategy in GraphQL implementation.\n\nInigo’s arsenal of breaking change checks, schema linting, and seamless CI/CD integration elevates the safety and efficacy of building code-first GraphQL APIs. It also enhances the resilience of the development workflow by alerting developers to potential schema change issues mid-cycle. Furthermore, Inigo’s sophisticated schema versioning ensures developers stay abreast of the latest schema changes.\n\n## Code-First Breaking Change Checks\n\nCode-first development plays to GraphQL’s strengths. GraphQL enables quick and painless API evolution with the ability to deprecate any part of the schema without breaking API consumers. Yet, developers can make mistakes, and unintentional changes can be introduced by schema generation from the code. \n\nThis is where Inigo’s breaking change checks come into play to ensure that the newest iterations will not break API consumers of the GraphQL schema derived from the latest code changes. By having Inigo track all of the latest schema changes in development and instilling breaking change checks into the developer workflow and CI/CD pipelines, breaking changes can be caught even before problematic code and schema changes are introduced.\n\nImplementing these breaking change checks is done with the following:\n\n1. Adding a reference to the schema SDL to the [Service](https://docs.inigo.io/reference/configuration/service) or [Subgraph](https://docs.inigo.io/reference/configuration/subgraph) configuration for Inigo\n2. Enabling developers to use the [Inigo CLI](https://docs.inigo.io/reference/cli/) to run [inigo check](https://docs.inigo.io/reference/cli/commands/check)\n3. Running [inigo check](https://docs.inigo.io/reference/cli/commands/check) in the CI/CD pipeline before allowing merges to happen\n\n## Code-First Schema Linting\n\nWith code-first development, every developer is empowered to make schema changes, which introduces inevitable inconsistencies in the schema for formatting and naming conventions. Inigo’s [schema linting](https://docs.inigo.io/reference/configuration/checks#schema-linting-fine-tuning) helps enforce standards for the generated schema and catch inconsistencies during development, like breaking change checks are run using [inigo check](https://docs.inigo.io/reference/cli/commands/check).\n\n## CI/CD Integration\n\nWhether your development model is code-first or schema-first, it’s best practice to integrate [inigo check](https://docs.inigo.io/reference/cli/commands/check) and [inigo apply](https://docs.inigo.io/reference/cli/commands/apply) into your CI/CD pipelines. This prevents the merging of code and generated schema changes, which can introduce breaking changes or schema inconsistencies that can be caught by schema linting.\n\n## See it in Action with TypeGraphQL\n\n[Here is a demo application using TypeGraphQL](https://github.com/inigolabs/workshops/tree/main/type-graphql-demo) that demonstrate a code-first approach to building a GraphQL service. In the README there are instructions on how to make a code change that creates a breaking change, depending on client usage of the API’s schema.\n\n## Conclusion\n\nIn summary, Inigo's suite of tools for code-first GraphQL development brings a new level of robustness and reliability to teams opting for this approach. Integrating breaking change checks, schema linting, and comprehensive CI/CD pipeline tools, Inigo significantly mitigates the risks of rapid API evolution inherent in code-first projects. This allows development teams to focus more on innovation and less on the potential pitfalls of schema inconsistencies or breaking changes.\n\nUltimately, Inigo empowers developers to leverage the complete flexibility and power of GraphQL, maintaining high standards of quality and consistency in their API development processes. With such tools, teams can confidently navigate the complexities of code-first GraphQL development, ensuring that their APIs remain robust, consistent, and forward-compatible.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eWhile schema-first development is a prevalent approach in GraphQL, an alternative method is gaining traction: code-first development. Inigo’s arsenal of breaking change checks, schema linting, and seamless CI/CD integration elevates the safety and efficacy of building code-first GraphQL APIs.\u003c/p\u003e\n","createdAt":"2024-05-09T17:43:17.244Z","updatedAt":"2024-05-14T17:09:35.599Z","publishedAt":"2024-05-13T23:48:31.654Z","path":"code-first-graphql","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-05-14","keywords":"Inigo, Code-First, TypeGraphQL","cover":{"data":{"id":598,"attributes":{"name":"Post _ Safer Code-First GraphQL Development with Inigo’s Schema Checks and Linting.webp","alternativeText":"Post _ Safer Code-First GraphQL Development with Inigo’s Schema Checks and Linting.webp","caption":"Post _ Safer Code-First GraphQL Development with Inigo’s Schema Checks and Linting.webp","width":2100,"height":900,"hash":"Post_Safer_Code_First_Graph_QL_Development_with_Inigo_s_Schema_Checks_and_Linting_c883219130","ext":".webp","mime":"image/webp","size":47.04,"url":"/img/strapi/Post___Safer_Code-First_GraphQL_Development_with_Inigo’s_Schema_Checks_and_Linting.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-05-13T23:47:55.033Z","updatedAt":"2024-05-13T23:47:55.033Z"}}},"related":[]}},{"id":47,"attributes":{"title":"LLM-Powered GraphQL Observability","author":"Shahar Binyamin","text":"## Introduction:\nAt Inigo, we're constantly seeking innovative ways to enhance the capabilities of our GraphQL observability tools. Our latest hack week involved integrating Large Language Models (LLMs) like OpenAI, Gemini and other platforms during our recent hack week. This exciting development marks a significant step forward in our journey to revolutionize GraphQL management.\n\n## The Power of Experimentation:\nDuring our hack week, a time dedicated to unbridled creativity and experimentation, our teams dived deep into the potential of LLMs to enhance our observability features. The mantra for the week was clear: \"If your hack week project isn't about AI, what are you really doing?\" This set the stage for groundbreaking work, focusing on how AI can transform the way we interact with and manage GraphQL APIs.\n\n## Enhancing Developer Productivity:\nThe integration of LLMs into our platform is not just about leveraging new technology—it's about fundamentally improving the productivity and effectiveness of developers working with GraphQL. By enabling more intuitive and natural interactions with our systems, developers can now ask complex questions about their GraphQL operations like, \"Show me the users with the slowest mutations,\" or \"Find the operation that returned the most objects.\" These capabilities make it simpler and faster for developers to get the insights they need without sifting through data manually.\n\n## Real-World Applications and Excitement for the Future:\nOur developers are already seeing the benefits of this integration, with features that allow them to interact with the system in conversational English to quickly identify issues and insights. For example, questions such as \"What clients are still using deprecated fields?\" highlight how LLMs can pinpoint specific data points that impact system performance and compliance.\n\n## Looking Ahead:\nThe successful implementation of LLMs during hack week is just the beginning. We are incredibly excited about the future applications of AI in our platform. The potential to expand these capabilities further and continue improving the way our platform understands and interacts with user queries is boundless.\n\n${youtube(P5b6R43tsyU)}\n\n## Conclusion:\nThe introduction of LLM technology into Inigo's observability suite is a transformative step forward for GraphQL management. As we continue to explore and expand these capabilities, the future looks bright for Inigo and our users. We are on the cusp of a new era in API management, where AI not only supports but enhances developer interactions with technology.\n\nStay tuned for more updates as we continue to push the boundaries of what's possible in GraphQL observability with the power of artificial intelligence.","short_text":"\u003cp\u003eEnhancing GraphQL observability with AI-driven insights.\u003c/p\u003e\n","createdAt":"2024-04-25T13:50:09.261Z","updatedAt":"2024-05-03T14:19:26.887Z","publishedAt":"2024-05-02T17:22:14.339Z","path":"llm-ai-graphql-analytics-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-05-01","keywords":"LLM, AI, GraphQL, analytics, SIEM, deprecated, latency","cover":{"data":{"id":596,"attributes":{"name":"Chat bubble for AI assistant to LLM blog post.webp","alternativeText":"Chat bubble for AI assistant to LLM blog post.webp","caption":"Chat bubble for AI assistant to LLM blog post.webp","width":1400,"height":600,"hash":"Chat_bubble_for_AI_assistant_to_LLM_blog_post_08e596008e","ext":".webp","mime":"image/webp","size":24.34,"url":"/img/strapi/Chat_bubble_for_AI_assistant_to_LLM_blog_post.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-04-25T16:13:34.321Z","updatedAt":"2024-05-03T14:19:26.168Z"}}},"related":[]}},{"id":46,"attributes":{"title":"Inigo Meets Apigee: Elevate Your GraphQL APIs in Google Cloud","author":"Eric Murphy","text":"For organizations utilizing Apigee on Google Cloud to manage their APIs, the NEW integration with Inigo has the potential to revolutionize your GraphQL API strategies. Inigo's comprehensive suite of features significantly enhances observability and security, delivering detailed insights and precise control crucial for optimizing API performance and ensuring reliability.\n\n## Why Inigo with Apigee?\n\nApigee provides robust tools for API security, traffic management, and analytics. Yet, when it comes to managing GraphQL's complex queries, variable execution times, and unique security concerns, additional challenges in security, auditing, and management arise. Inigo fills these gaps with its tailored observability and security features designed specifically for GraphQL. Inigo allows your organization to address and eliminate the blind spots and vulnerabilities that persist when relying solely on an API gateway like Apigee. Additionally, Inigo enhances your security posture by uncovering shadow APIs that operate through your API gateway, ensuring comprehensive protection and oversight.\n\n## Features of Inigo\n\nInigo brings a plethora of features that complement Apigee’s capabilities:\n\n* **Detailed Observability:** With features like tree views, heat maps, and operation metrics, Inigo allows teams to dive deep into how their GraphQL queries perform and interact. The timeline and detailed query information provide real-time insights into API usage patterns.\n\n* **Security Enhancements:** Inigo supports role-based access control, field-level rate limiting, and operation limits, ensuring your GraphQL APIs remain secure against over-fetching and other potential security vulnerabilities.\n\n* **Schema and Configuration Management:** Keep track of schema changes with Inigo’s SDL navigator and diff view. The history of schema applications and configuration adjustments helps maintain consistency and auditability across your API lifecycle.\n\n## Integrating Inigo with Apigee via `ExternalCallout` Policy\n\nIntegrating Inigo’s features into your Apigee workflow is streamlined through Apigee’s `ExternalCalloutPolicy`. This policy allows Apigee to call out to an external gRPC service – in this case, Inigo’s sidecar – during API processing. Once implemented, here is how the Inigo integration with Apigee functions:\n\n![apigee-integration.png](/uploads/apigee_integration_006a1bdccc.png)\n\nHere’s how to leverage it for enhanced GraphQL API management:\n\n1. **Set Up ExternalCallout Policy:** Configure the ExternalCallout XML in your Apigee API proxy to interact with Inigo. This setup invokes Inigo’s functionalities during the API transaction process.\n\n2. **Data Processing and Analytics:** As API requests pass through Apigee, Inigo processes the GraphQL queries, applying its observability and security mechanisms. This includes monitoring API health, tracking agent status, and analyzing query performance.\n\n3. **Feedback Loop:** Information from Inigo can be fed back into Apigee, allowing for dynamic adjustments to API handling based on real-time metrics and insights gathered by Inigo.\n\n## How Inigo and Apigee Work in Unison\nThe synergy between Inigo and Apigee offers a comprehensive routing solution, managing, securing, and observing GraphQL APIs:\n\n* **Routing and Management:** Apigee's powerful routing capabilities direct GraphQL requests to the appropriate backend services, while Inigo’s observability tools provide insights into the structure and performance of these queries. This combination ensures that APIs are routed efficiently and monitored for any issues in real-time.\n\n* **Security:** By integrating Inigo’s security features, such as role-based access control and operation limits, into Apigee’s existing security framework, organizations can address the unique challenges posed by GraphQL. This includes protecting against excessive data retrieval and ensuring that sensitive data is accessed appropriately.\n\n* ****Observability:**** Inigo’s advanced observability features, like heat maps and operation metrics, complement Apigee’s analytics capabilities. This enables teams to understand API performance and user engagement better, facilitating proactive optimizations and enhancements.\n\n## Benefits for Your Organization\n\nIntegrating Inigo with Apigee enhances your API’s security and observability and empowers your teams to:\n\n* **Identify and Resolve Issues Faster:** With advanced monitoring tools and detailed analytics, pinpointing and fixing issues becomes quicker and more efficient.\n\n* **Optimize API Performance:** Understand and optimize API usage patterns based on concrete data regarding slow queries, top errors, and user metrics.\n\n* **Enhance API Security:** Implement advanced security measures tailored to GraphQL's unique needs, enhancing your overall API management strategy.\n\n## Conclusion\n\nFor businesses already using Apigee, adding Inigo provides a powerful enhancement to your GraphQL API management, ensuring that your APIs are not only robust and reliable but also extends to GraphQL APIs optimized for high performance and tight security. By leveraging Inigo’s detailed analytics and specialized security features, organizations can achieve a new level of security posture, control and insight into their complete API ecosystems.\n\n**Ready to take the next steps with Inigo + Apigee?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eOur new integration between Inigo and Apigee offers organizations managing their GraphQL APIs a revolutionary enhancement in observability and security, providing detailed insights and control crucial for optimizing performance and reliability. Inigo addresses the unique challenges of managing GraphQL by improving your security posture, filling management gaps, and providing comprehensive protection against vulnerabilities, including shadow APIs.\u003c/p\u003e\n","createdAt":"2024-04-23T15:36:45.011Z","updatedAt":"2024-04-23T21:35:29.428Z","publishedAt":"2024-04-23T16:01:23.048Z","path":"apigee-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-04-23","keywords":"Apigee, Inigo","cover":{"data":{"id":593,"attributes":{"name":"apigee-header.png","alternativeText":"apigee-header.png","caption":"apigee-header.png","width":1400,"height":600,"hash":"apigee_header_5625e6db5d","ext":".png","mime":"image/png","size":29.77,"url":"/img/strapi/apigee-header.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-04-23T15:37:18.893Z","updatedAt":"2024-04-23T15:37:18.893Z"}}},"related":[]}},{"id":45,"attributes":{"title":"Break Free from Apollo: How Inigo Beats GraphOS on Value and Features","author":"Eric Murphy","text":"In our interactions with numerous enterprise GraphQL users—through sales calls, webinars, and face-to-face meetings at industry events like [GraphQLConf](https://inigo.io/blog/graphqlconf_2023_recap), [GraphQL Summit](https://inigo.io/blog/graphqlsummit_2023_recap), and API World—a consistent message has emerged: While many are drawn to Apollo GraphOS, its high costs and limited functionality behind feature gates leave much to be desired. As we've explored in “[Control Your GraphQL Destiny with Inigo (Don’t Get Vendor Locked)](https://inigo.io/blog/control_your_graphql_destiny),” a sense of vendor lock-in is a key factor driving stickiness with Apollo.\n\nAt Inigo, we challenge this status quo by delivering unparalleled value across the board—to your API platform mean, development teams, security personnel, business units, and operational staff—while maintaining a competitive and scalable pricing structure. Our approach has resonated with the market, allowing us to attract prospective and former Apollo customers with our comprehensive feature set, often at up to 70% savings.\n\nHere are 9 compelling reasons why Inigo stands out as the superior choice in terms of value and pricing when compared to Apollo GraphOS and other competitors:\n\n## 1. Inigo is Battle-Tested and Enterprise-Ready\n\nIn the Enterprise GraphQL space, Inigo is one of the few vendors with a significant footprint in large-scale GraphQL deployments. While other alternatives to Apollo may entice with their open-source nature and alternative GraphQL gateway implementations, they still need to catch up in maturity and features.\n\nInigo has successfully processed 40 billion GraphQL queries per month for customers integrating Inigo into their production environments. We have customers with supergraphs composed of up to 190 subgraphs, all while incorporating advanced features like field-level observability against these enormous schemas. Furthermore, Inigo’s customers leverage our comprehensive toolset for schema composition, registry, and breaking change detection. Our robustness has led numerous organizations to transition from Apollo or steer away completely, favoring Inigo as a superior alternative.\n\n## 2. Inigo is the Fastest Migration Path from Apollo GraphOS\t\n\nApollo Gateway and Apollo Router are well-established open-source projects that provide feature-rich GraphQL gateways supporting Apollo Federation with GraphOS. Many users have extended the functionality of Gateway/Router with custom middleware and plugins tailored to their requirements. Consequently, transitioning to a different GraphQL gateway implementation would be daunting and labor-intensive.\n\nInigo seamlessly integrates with your current Apollo [Gateway](https://docs.inigo.io/product/agent_installation/javascript_apollo_plugin) or [Router](https://docs.inigo.io/product/agent_installation/rust_apollo_router) setups, allowing you to maintain these open-source deployments without a contractual agreement with Apollo. This compatibility ensures a swift and effortless migration process, minimizing disruption and resource expenditure.\n\n## 3. Inigo Won’t “Seat-Gate” your Team: Developers Should Have Access Too\n\nAs highlighted in our article \"[Streamline 8 Everyday Tasks of a GraphQL Developer with Inigo](https://inigo.io/blog/streamline-everyday-tasks-developer)\", there are numerous advantages to providing all team members, including developers, access to an enterprise GraphQL platform. With Apollo GraphOS, extending access to developers is cost-prohibitive, leaving developers without crucial insights into observability and other key features.\nIn contrast, Inigo ensures that developers can access real-time observability data, enabling them to proactively address issues without resorting to external tools like Datadog. Moreover, Inigo fosters collaboration within GraphQL teams by offering powerful tools for implementing linting standards and effortlessly sharing GraphQL queries vital for development and testing.\n\n## 4. Inigo Doesn’t Gate Features \n\nApollo has a reputation for gating features, compelling customers to commit to costly enterprise contracts to access functionalities that should be more affordable, like self-hosting capabilities for Apollo Gateway/Router and Role-Based Access Control (RBAC) for managing GraphQL API security. In contrast, Inigo offers unrestricted access to all platform features from the outset. For a detailed comparison of how Inigo's features measure up against Apollo GraphOS, we invite you to explore our blog post, \"[Top 10 Benefits of Inigo's Replacement for GraphOS](https://inigo.io/blog/top_10_benefits_of_inigo_over_apollo_graphos)\".\n\n## 5. Inigo Improves the Reliability and Performance of Your GraphQL API\n\nWith unmatched observability, deep analytics, insights, and error impact levels, Inigo enables superior proactive and reactive responses to reliability and performance issues that arise from your underlying GraphQL services. Even better, alerting is built into Inigo, as described in “[Advanced Alerts for Your GraphQL API with Inigo](https://inigo.io/blog/advanced-alerts-graphql)”. We often have customers identify issues with their GraphQL API that were invisible to their existing API monitoring tools due to the nature of GraphQL, as discussed in our blog \"[Still Using Datadog For GraphQL Analytics?](https://inigo.io/blog/are-you-still-using-datadog-for-graphql-analytics)\"\n\n## 6. Inigo Improves GraphQL Security Posture \n\nQuery protection (i.e. preventing [injection attacks](https://inigo.io/blog/graphql_injection_attacks)), rate-limiting, RBAC, and [controlling access to schema introspection](https://inigo.io/blog/you-dont-need-to-disable-introspection) are critical security requirements for your GraphQL API. Bad actors [versed in GraphQL vulnerabilities](https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis) can easily bring down your GraphQL server or gateway, as described in “[How to Prevent a Denial of Service Attack](https://inigo.io/blog/hasura_inigo_dos_attack)”. Inigo goes above and beyond what Apollo can offer with GraphOS in all of these areas, with all of these capabilities easily handled with YAML configurations that can be checked into a Git repository and automatically deployed, therefore implementing a DevSecOps approach to your GraphQL API security.\n\n## 7. Inigo Instills GraphOps Best Practices\n\nEnterprise GraphQL operations (GraphOps) best practices include implementing [schema composition, breaking change checks](https://docs.inigo.io/product/schema_management/checks), and [schema linting rules](https://inigo.io/blog/linting-inigo) into your CI/CD flows. Inigo supports these features via our [Inigo CLI](https://docs.inigo.io/reference/cli/), which can be easily [integrated into your pipeline](https://docs.inigo.io/reference/cli/github_action). Therefore, non-compliant or breaking schema changes will fail builds and prevent merges from happening until the issues are remediated or overridden. All these features are supported out of the box with Inigo at no additional cost.\n\n## 8. Inigo Fits Anywhere Into Your GraphQL Footprint\n\nWe’ve spoken to many enterprise customers who are modernizing their GraphQL services and starting their journey with federation. Still, they feel overwhelmed by the complexity of heterogeneous and legacy GraphQL deployments. Inigo offers [several GraphQL server integrations](https://docs.inigo.io/product/agent_installation/), and we offer [sidecar](https://docs.inigo.io/product/agent_installation/kubernetes) and [standalone](https://docs.inigo.io/product/agent_installation/standalone_agent) deployments for maximum flexibility to support your existing GraphQL servers. In tandem, you can implement your next-generation GraphQL architecture and leverage Inigo's other great enterprise features to accelerate the journey.\n\n## 9. Inigo will Cut Costs by up to 70%\n\nInigo has hyper-efficient data collection, processing, and storage of GraphQL metrics data, which allows us to capture 100% of your query metrics while maintaining affordable costs. Remarkably, Inigo maintains pricing that is up to 70% lower than Apollo GraphOS, which collects only samples of metrics. Furthermore, Inigo offers a more transparent pricing model with no per-seat charges or feature gates, unlike Apollo's approach with GraphOS. \n\n## Conclusion: Elevating Enterprise GraphQL while Lowering Costs\n\nInigo's value proposition for enterprise GraphQL customers is clear and compelling. Inigo ensures a smooth and efficient migration path by offering a battle-tested, enterprise-ready platform that seamlessly integrates with existing Apollo deployments. Our commitment to providing full feature access, enhancing the reliability and performance of your GraphQL API, and instilling best practices in GraphQL API operations sets us apart from the competition.\n\nMoreover, Inigo's flexible and cost-effective approach and dedication to observability and security make us the ideal choice for growing and optimizing your GraphQL services. As we continue to innovate and expand our offerings, we remain focused on delivering the highest value and satisfaction to our customers.\n\nDiscover Inigo's transformative impact on your GraphQL journey and join the growing number of enterprises that have made the switch. Embrace the future with Inigo, where observability, security, and performance converge with a cost-effective enterprise GraphQL platform.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eAt Inigo, we challenge the status quo by delivering unparalleled value across the board—to your API platform team, development teams, security personnel, business units, and operational staff—while maintaining a competitive and scalable pricing structure. Here are 9 compelling reasons why Inigo stands out as the superior choice in terms of value and pricing when compared to Apollo GraphOS.\u003c/p\u003e\n","createdAt":"2024-03-22T23:08:10.722Z","updatedAt":"2024-03-28T19:48:26.956Z","publishedAt":"2024-03-22T23:29:54.304Z","path":"break-free-apollo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-03-25","keywords":"Apollo, GraphOS, Alternative","cover":{"data":{"id":553,"attributes":{"name":"blog_break_free_from_apollo_how_inigo_beats_graphos_on_value_and_features_2x.webp","alternativeText":"API Gateway","caption":"blog_break_free_from_apollo_how_inigo_beats_graphos_on_value_and_features_2x.webp","width":1400,"height":600,"hash":"blog_break_free_from_apollo_how_inigo_beats_graphos_on_value_and_features_2x_c357087af3","ext":".webp","mime":"image/webp","size":132.22,"url":"/img/strapi/blog_break_free_from_apollo_how_inigo_beats_graphos_on_value_and_features_2x.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-03-28T19:47:58.752Z","updatedAt":"2024-10-30T15:42:20.330Z"}}},"related":[]}},{"id":44,"attributes":{"title":"The 5 Most Valuable GraphQL Features According to Our Users","author":"Shahar Binyamin","text":"GraphQL is evolving, finding features that not only simplify development but also enhance performance can be a game-changer. Our customers are always on the lookout for functionalities that can streamline their workflows and elevate their projects. Here are five GraphQL features that have not only caught their attention but have become indispensable tools in their development arsenal.\n\n## #1: Subgraph Usage Unveiled\n![Home_subgraphs.gif](/uploads/Home_subgraphs_37b884d911.gif)\nEver wonder if you're flying blind without subgraph visibility in your GraphQL analytics?\nFear not! It's now easier than ever to ditch the blindfolds and dive into meaningful resource allocation chats with your subgraph maestros.\n\n## #2: Per-Query Latency Performance – Visualized!\n![Observe_Latency tab.gif](/uploads/Observe_Latency_tab_39dd86abfe.gif)\nSure, every GraphQL query is a snowflake, but let's zoom out a bit. Visualizing where each query's latency lies across the percentile spectrum can shine a spotlight on those not-so-speedy ones. Time to prioritize!\n\n## #3: Enhanced Usage Insights\n![Insights.gif](/uploads/Insights_28b9d35c6b.gif)\nThe biggest pain we hear again and again is how GraphQL APIs poses a massive blind spot for both platform and security teams.\n\nAfter a little makeover, our insights page is now easier on the eyes and the brain. Get ready for a more organized experience, with hero bars and crucial stats practically leaping out at you.\n\n## #4: Schema Change Log - Time Travel Edition\n![Schema _ Chang log_Light.gif](/uploads/Schema_Chang_log_Light_381f95a9f3.gif)\nA personal favorite – stroll down memory lane with our schema change log\nIt's not just a fun pastime for you and your colleagues; it's also a detective's tool for uncovering how those pesky breaking changes sneaked into production.\n\n## #5: Deprecated Fields – Who's Still Using Them?\n![Deprecated.gif](/uploads/Deprecated_6c15c72577.gif)\nFeeling frustrated with those stubbornly used deprecated fields?\nWith Inigo's heat-map view, you can now easily spot which ancient fields are still in play, along with the operations and clients clinging to the past.\n\n## Love what you see?\nReady to elevate your GraphQL experience with features users love? Explore Inigo today and discover how our platform can transform your API strategy with enterprise-grade management, monitoring, and security. Start your free trial now and join the ranks of satisfied customers leveraging GraphQL's full potential.\n","short_text":"\u003cp\u003e5 GraphQL features our customers love, and you would as well.\u003c/p\u003e\n","createdAt":"2024-03-15T17:26:17.296Z","updatedAt":"2024-03-15T17:45:19.280Z","publishedAt":"2024-03-15T17:26:30.233Z","path":"5-graphql-features-customers-love","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-03-18","keywords":"GraphQL, analytics, SIEM, deprecated, latency","cover":{"data":{"id":536,"attributes":{"name":"blog_5_inigo_features_our_customers_love.webp","alternativeText":"blog_5_inigo_features_our_customers_love.webp","caption":"blog_5_inigo_features_our_customers_love.webp","width":1400,"height":600,"hash":"blog_5_inigo_features_our_customers_love_79adec3c06","ext":".webp","mime":"image/webp","size":48.52,"url":"/img/strapi/blog_5_inigo_features_our_customers_love.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-03-15T17:33:21.369Z","updatedAt":"2024-03-15T17:33:21.369Z"}}},"related":[]}},{"id":43,"attributes":{"title":"Still Using Datadog For GraphQL Analytics?","author":"Shahar Binyamin","text":"As organizations embrace GraphQL over traditional REST APIs for its data management efficiency, many still rely on outdated analytics and monitoring tools. Tools like DataDog, Splunk, and other Security Information and Event Management (SIEM) systems, designed for REST-specific analytics, struggle to adapt to GraphQL's advanced query language. This reliance on legacy tools can significantly impede the full potential of GraphQL within organizations, presenting challenges in fully leveraging the benefits of this powerful query language for modern data retrieval and management needs.\n\n## Inadequate Insights into GraphQL Operations\nFirstly, SIEMs and REST analytics tools fall short in deciphering the intent behind GraphQL operations. GraphQL's strength lies in its flexibility, allowing for complex, nested queries tailored to the exact needs of the client. However, traditional analytics tools are not designed to interpret these dynamic queries deeply, leading to superficial insights that barely scratch the surface of GraphQL's operational intricacies.\n\n## A Missed Opportunity in the Developer Lifecycle\nMoreover, these traditional tools miss a critical opportunity to integrate analytics into the developer lifecycle, such as performing schema checks against live data. This integration is crucial for maintaining the integrity of GraphQL APIs, ensuring that changes do not disrupt existing functionalities or introduce vulnerabilities. Without this, organizations risk slower development cycles and increased potential for errors in production.\n\n## Lack of Field-Level Analytics and Audit Trails\nThe absence of field-level analytics and comprehensive audit trails further exemplifies the gap in traditional tools when applied to GraphQL. Understanding how each field in a query is used can provide invaluable insights into usage patterns and potential optimizations. Similarly, a detailed audit trail is essential for tracking changes and maintaining security, especially in complex systems where multiple teams may interact with the GraphQL schema.\n\n## The Challenge of Subgraph Visibility\nFor organizations utilizing federated GraphQL architectures, the lack of subgraph visibility compounds these challenges. Platform teams need detailed insights into each subgraph's performance and usage to facilitate informed discussions about operability, performance, and resource allocation with subgraph owners. Traditional analytics tools simply do not provide the granularity required for these crucial conversations.\n\n## Consider the alternative: NextGen GraphQL Holistic Approach with Inigo\nIn response to these challenges, Inigo takes an holistic approach for organizations navigating the complexities of GraphQL analytics. Inigo is specifically designed to address the shortcomings of traditional SIEMs and REST analytics tools in a GraphQL context. With features tailored to enhance visibility, improve developer workflows, and secure GraphQL APIs, Inigo empowers organizations to:\n- Gain deep insights into the intent behind GraphQL operations.\n- Seamlessly incorporate analytics data into the developer lifecycle.\n- Access field-level analytics alongside comprehensive schema history and usage patterns.\n- Maintain robust audit trails.\n- Achieve unprecedented visibility into federated subgraphs.\n\nAs we move forward, it's clear that the shift toward GraphQL demands a new generation of analytics and monitoring tools. Inigo stands at the forefront of this shift, offering a solution that not only meets the unique needs of GraphQL but also enhances the operability, security, and efficiency of modern web services. Embrace the future of GraphQL analytics with Inigo, and unlock the full potential of your GraphQL APIs.\n\n","short_text":"\u003cp\u003eThis mismatch presents a suite of challenges that can hinder the full realization of GraphQL's potential.\u003c/p\u003e\n","createdAt":"2024-03-08T19:23:26.816Z","updatedAt":"2024-03-13T17:23:40.123Z","publishedAt":"2024-03-13T16:44:47.346Z","path":"are-you-still-using-datadog-for-graphql-analytics","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-03-12","keywords":"GraphQL, analytics, SIEM, apollo, datadog, Splunk. new relic","cover":{"data":{"id":530,"attributes":{"name":"blog_are_you_still_using_a_siem_for_graphql_analytics_.webp","alternativeText":"blog_are_you_still_using_a_siem_for_graphql_analytics_.webp","caption":"blog_are_you_still_using_a_siem_for_graphql_analytics_.webp","width":1400,"height":600,"hash":"blog_are_you_still_using_a_siem_for_graphql_analytics_32c38d301e","ext":".webp","mime":"image/webp","size":67.09,"url":"/img/strapi/blog_are_you_still_using_a_siem_for_graphql_analytics_.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-03-13T16:44:05.217Z","updatedAt":"2024-03-13T16:44:05.217Z"}}},"related":[]}},{"id":42,"attributes":{"title":"GraphQL Schema Linting: Ensuring Consistency Across Subgraphs","author":"Eric Murphy","text":"At Inigo, we understand the importance of keeping your GraphQL schemas clean, efficient, and standardized. That's why we're excited to announce that we've added GraphQL schema linting checks to our dev tools.\n\nOur customers, many of whom manage multiple subgraphs, have expressed the need for a tool that can help maintain uniformity and prevent potential issues before they arise. The introduction of schema linting in Inigo addresses this need head-on. By automatically analyzing and validating the structure and syntax of your GraphQL schemas, our linting checks ensure that all your subgraphs adhere to the same set of standards, regardless of the number of development teams involved.\n\nWhat sets Inigo's linting feature apart is its seamless integration into the GraphQL developer workflow and CI/CD pipelines. This means that you can catch and fix errors early in the development process, reducing the risk of introducing breaking changes and ensuring a smooth and consistent experience for your end users.\n\n## What is Schema Linting?\n\nGraphQL schema linting is the process of analyzing and validating the structure and syntax of a GraphQL schema to ensure it adheres to best practices and standards. Like code linting in programming languages, schema linting helps identify potential issues, inconsistencies, or deviations from conventions before they cause problems in a GraphQL API.\n\nLinting can check for various aspects of a schema, such as:\n\n1. **Type Definitions:** Ensuring that all types are defined correctly and used consistently.\n2. **Field Naming:** Verifying that field names follow a specified naming convention (e.g., camelCase).\n3. **Deprecations:** Identifying deprecated fields or types that should be removed or replaced.\n4. **Directive Usage:** Checking that directives are applied correctly and consistently.\n5. **Schema Organization:** Ensuring that the schema is organized logically and maintainable.\n\nUsing a schema linter allows developers to maintain a clean, efficient, and error-free GraphQL schema, which is crucial for building robust and scalable GraphQL APIs.\n\n## Schema Linting Rules\n\nSchema Linting Rules\nInigo includes a standard set of schema linting rules out of the box. These rules cover the most common schema standardization scenarios that GraphQL teams face. The following rules are listed in our [Checks doc](https://docs.inigo.io/reference/configuration/checks#available-linter-rules):\n\n![Linting Rules](/uploads/linting_1_dc122c854e.png)\n\nIf there are additional linting rules that your team needs, please reach out to us in [Slack](https://slack.inigo.io/) to discuss!\n\n## Enabling Schema Linting Rules\n\nSchema linting rules are defined in a `Checks` YAML file ([doc](https://docs.inigo.io/reference/configuration/checks#available-linter-rules)) that is applied using `inigo apply`. Here is an example `Checks` that defines `FIELD_NAMES_CAMEL_CASE` and `REST_FIELD_NAMES` linting rules:\n\n![Schema Checks with Linting Rules](/uploads/linting_2_2eaddcac30.png)\n\nIn the `Checks` YAML, you can set the linting rules with the `level` of `debug`, `info`, `warning`, or `error`. For the `error` level, any schema changes will not be applied unless overridden. \n\n## Ignore Linting Rules with @lint Directive\n\nFor more granularity with applying linting rules ([doc](https://docs.inigo.io/reference/configuration/checks#schema-linting-fine-tuning)), the `@lint` directive can be used for types, fields, and enums. Here is an example of using `@lint` on a `type`:\n\n![Ignore Linting Rules](/uploads/linting_3_be1149f642.png)\n\nInversely, you can also ignore all linting rules `except` for a subset of the rules, as shown below:\n\n![Ignore Except Linting Rules](/uploads/linting_4_61ae5234ce.png)\n\n## Conclusion\n\nIn conclusion, integrating GraphQL schema linting into Inigo marks a significant step forward in our commitment to delivering top-notch API development tools. The seamless integration of linting into the developer workflow and CI/CD pipelines further enhances the efficiency and reliability of your API development, allowing you to catch potential issues early and avoid costly errors down the line. With Inigo's GraphQL schema linting, you can foster collaboration among different development teams, reduce the risk of breaking changes, and ultimately deliver a better experience to your GraphQL API consumers.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eInigo now offers GraphQL schema linting to help teams automatically analyze and validate their schemas against defined standards. This ensures consistency across subgraphs, catches errors early, and prevents breaking changes. Teams can enable rule sets, adjust severity levels, and use the @lint directive to apply or ignore rules as needed.\u003c/p\u003e\n","createdAt":"2024-03-01T18:44:16.841Z","updatedAt":"2024-03-04T21:00:35.987Z","publishedAt":"2024-03-04T19:55:47.094Z","path":"linting-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-03-05","keywords":"GraphQL, Linting, Federation, CI/CD","cover":{"data":{"id":525,"attributes":{"name":"linting.png","alternativeText":"linting.png","caption":"linting.png","width":2100,"height":900,"hash":"linting_0463f5649f","ext":".png","mime":"image/png","size":1212.02,"url":"/img/strapi/linting.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-03-01T23:34:03.051Z","updatedAt":"2024-03-01T23:34:03.051Z"}}},"related":[]}},{"id":41,"attributes":{"title":"Inigo’s Okta Integration for Enterprise SSO","author":"Eric Murphy","text":"Inigo is thrilled to announce our new [integration with Okta](https://www.okta.com/integrations/inigo-graphql/), a leader in identity and access management. This integration empowers organizations to utilize Okta's comprehensive identity management capabilities to ensure secure and efficient access to Inigo with an enterprise Single Sign-On (SSO) experience.\n\n## Key Features of the Integration\n\n* **Single Sign-On:** Users can access Inigo using their existing Okta credentials, streamlining the login process and enhancing security.\n* **Just-In-Time Provisioning:** User accounts are automatically created in Inigo as they log in, eliminating the need for manual account setup.\n\n**Setting Up the Integration:** The integration process is straightforward and self-service, requiring minimal setup from Inigo. Okta administrators can easily add the Inigo application to their Okta account and assign it to users or groups as needed.\n\n![User Experience](/uploads/Okta_Image1_df0b9f5291.webp)\n\n**User Experience:** Users will find the Inigo app on their Okta dashboard once the integration is configured. A single click on the app icon will authenticate them via Okta and redirect them to the Inigo interface, ready to use.\n\n![User Experience](/uploads/Okta_Image2_41ed5ed241.webp)\n\n**Support and Troubleshooting:** Inigo provides dedicated support to assist with any challenges during the integration process. Our team is available to help ensure a smooth and secure user experience.\n\nFor more details on the [Okta integration](https://www.okta.com/integrations/inigo-graphql/) and setup instructions, visit our [Okta integration documentation](https://docs.inigo.io/reference/integrations/okta).\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eInigo is thrilled to announce our integration with Okta, a leader in identity and access management. This integration empowers organizations to utilize Okta's comprehensive identity management capabilities to ensure secure and efficient access to Inigo with an enterprise Single Sign-On (SSO) experience.\u003c/p\u003e\n","createdAt":"2024-02-20T19:44:45.266Z","updatedAt":"2024-02-20T23:16:35.577Z","publishedAt":"2024-02-20T20:51:23.030Z","path":"okta-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-02-14","keywords":"GraphQL, Okta, Security, SSO, Integration","cover":{"data":{"id":521,"attributes":{"name":"Blog - Inigo’s Okta Integration for Enterprise SSO.webp","alternativeText":"Blog - Inigo’s Okta Integration for Enterprise SSO.webp","caption":"Blog - Inigo’s Okta Integration for Enterprise SSO.webp","width":2100,"height":900,"hash":"Blog_Inigo_s_Okta_Integration_for_Enterprise_SSO_f6bdbe4f7d","ext":".webp","mime":"image/webp","size":33.95,"url":"/img/strapi/Blog_-_Inigo’s_Okta_Integration_for_Enterprise_SSO.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-20T20:44:40.097Z","updatedAt":"2024-02-20T20:44:40.097Z"}}},"related":[]}},{"id":40,"attributes":{"title":"Inigo Plugin for GraphQL Yoga","author":"Eric Murphy","text":"We're excited to announce that Inigo now fully supports integration with [GraphQL Yoga](https://the-guild.dev/graphql/yoga-server), the latest and most flexible GraphQL server by [The Guild](https://the-guild.dev/). This new integration is part of our ongoing commitment to provide versatile and comprehensive GraphQL management solutions that cater to the diverse needs of our users.\n\n## Why Yoga Server?\n\nYoga Server stands out for its simplicity, modularity, and performance, making it an ideal choice for developers looking for a modern GraphQL server. By supporting Yoga Server, Inigo extends its capability to offer enhanced GraphQL API management, monitoring, and security features seamlessly integrated with Yoga's powerful server-side functionalities.\n\n## What Does This Means for You?\n\n* **Streamlined GraphQL Management:** Easily manage and monitor your Yoga Server-based GraphQL APIs through Inigo's intuitive platform.\n* **Enhanced Security and Observability:** Leverage Inigo's advanced security features and observability tools to ensure your APIs are both secure and performing optimally.\n* **Simplified Workflow:** With Inigo and Yoga Server, you can accelerate your GraphQL development cycle, from schema design to deployment and monitoring, all within a unified ecosystem.\n\n## Getting Started\n\nTo start using Inigo with Yoga Server, simply follow the [plugin for Yoga setup guide](https://docs.inigo.io/product/agent_installation/yoga). Our step-by-step guide will help you integrate your Yoga Server with Inigo effortlessly.\n\n## Installing Inigo for Yoga\n\nPer Inigo’s [Yoga documentation](https://docs.inigo.io/product/agent_installation/yoga), one can install Inigo for Yoga using the following commands:\n\n```\nnpm install inigo.js\nnpm install inigo-darwin-arm64\n```\n\nThe **YogaInigoPlugin** must be set into **plugins** in your existing Yoga server code. Note that the **typeDefinitions** in this example is your GraphQL schema definition.\n\n```\nimport { createYoga } from \"graphql-yoga\";\nimport { YogaInigoPlugin } from \"inigo.js\";\n\n// ...\n\n const yoga = createYoga({\n schema,\n plugins: [YogaInigoPlugin({Schema: typeDefinitions})]\n });\n```\n\n## Getting Started with Inigo for Yoga\n\nOnce the installation is complete, you can continue with the [Inigo Getting Started guide](https://docs.inigo.io/) to create an Inigo Service and create a token. The **INIGO_SERVICE_TOKEN** must be available as an environment variable when the Yoga server is started.\n\n```\nexport INIGO_SERVICE_TOKEN=\"paste the token here\"\n\nnpm run start\n```\n\nAfter the server starts, any GraphQL queries will be captured by the Inigo plugin, and query data will soon be visible in [app.inigo.io](https://app.inigo.io) under the **Observe** view.\n\n## Conclusion\n\nIn summary, the introduction of the [Inigo plugin for Yoga](https://docs.inigo.io/product/agent_installation/yoga) offers streamlined observability and security management. This collaboration between Inigo and The Guild offers an easy installation and setup, and the Yoga Inigo plugin empowers developers to elevate the performance and security of their GraphQL applications.\n\n## We Want to Hear from You!\n\nYour feedback is crucial as we continue to enhance Inigo's capabilities. After integrating with Yoga Server, let us know your thoughts and how we can further improve your GraphQL management experience.\n\nThank you for your continued support and trust in Inigo. We're looking forward to seeing how you leverage this new integration to supercharge your GraphQL projects.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eWe're excited to announce that Inigo now fully supports integration with GraphQL Yoga, the latest and most flexible GraphQL server by The Guild. This new integration is part of our ongoing commitment to provide versatile and comprehensive GraphQL management solutions that cater to the diverse needs of our users.\u003c/p\u003e\n","createdAt":"2024-02-12T18:44:45.364Z","updatedAt":"2024-02-12T19:13:04.547Z","publishedAt":"2024-02-12T19:02:37.879Z","path":"yoga-inigo","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-02-13","keywords":"GraphQL, Yoga, Security, Monitoring, Observability","cover":{"data":{"id":520,"attributes":{"name":"yoga-header.png","alternativeText":"yoga-header.png","caption":"yoga-header.png","width":2100,"height":900,"hash":"yoga_header_bd50906107","ext":".png","mime":"image/png","size":1405.35,"url":"/img/strapi/yoga-header.png","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-02-12T18:48:26.457Z","updatedAt":"2024-02-12T18:48:26.457Z"}}},"related":[]}},{"id":39,"attributes":{"title":"Kickstart Your GraphQL Projects in 2024 with Inigo","author":"Eric Murphy","text":"Unfortunately layoffs, hiring freezes, reorgs, and budget cuts took their toll in 2023 across the software development industry. Many GraphQL development projects were slowed or paused due to reduced resources and shifting priorities. The focus often moved to simply maintaining existing APIs for the remainder of 2023.\n\nYet the desire for companies to expand GraphQL usage in 2024 remains, and we heard as much at [GraphQL Conf](https://inigo.io/blog/graphqlconf_2023_recap), [GraphQL Summit](https://inigo.io/blog/graphqlsummit_2023_recap), API World, and API Days at the end of last year. Many had ambitious plans to grow their GraphQL footprint in 2024.\n\nInigo provides first-class GraphQL-native observability, security, and federation for your GraphQL APIs. Inigo is the ideal GraphQL solution to kickstart and accelerate your GraphQL projects in 2024, as Inigo helps reduce costs and shortens the path to production with your GraphQL APIs.\n\n## Reduce Cost for GraphQL Development and Deployment\n\nGiven the hangover of reduced budgets and decreased development resources for GraphQL API projects in 2024, cost efficiency is necessary, and Inigo helps in these areas:\n\n* Inigo offers a [free Starter Edition](https://inigo.io/blog/introducing_inigo_starter_edition) with up to 5 million monthly GraphQL requests\n* Inigo offers a [cost-effective GraphOS Alternative](https://inigo.io/blog/top_10_benefits_of_inigo_over_apollo_graphos) to help justify the expense of your GraphQL Federation initiatives\n* Inigo works with any GraphQL server or gateway, so there are no complex and expensive migration costs\n* Inigo is a cloud-hosted GraphQL SaaS platform, so there are minimal extra cloud infrastructure costs (unless an on-prem deployment of Inigo is necessary)\n* Inigo’s [pricing model](https://inigo.io/pricing) is reasonable and scalable for all customers\n\nInigo helps projects move forward by fitting into constrained budgets while still providing all of the features expected of an enterprise GraphQL platform.\n\n## Bring Your GraphQL APIs to Production Sooner\n\nReducing time to production for your GraphQL APIs helps justify the business value of GraphQL and also helps reduce costs over time, and Inigo helps in these areas:\n\n* Inigo [improves collaboration and accelerates your GraphQL Journey](https://inigo.io/blog/graphql-collaborative-journey)\n* Inigo provides [advanced monitoring of your GraphQL APIs](https://inigo.io/observability) to help improve reliability and performance in production\n* Inigo accelerates implementing incident response for your GraphQL services with [Advanced GraphQL Alerts](https://inigo.io/blog/advanced-alerts-graphql)\n* Inigo [Explorer helps improve developer productivity](https://inigo.io/blog/graphql-playground-tour)\n* Inigo [improves the security of your GraphQL APIs](https://inigo.io/blog/graphql-playground-tour) such as helping to [prevent Denial of Service Attacks](https://inigo.io/blog/hasura_inigo_dos_attack)\n* Inigo integrates enterprise single sign-on with Okta\n\nAlso, by proving that GraphQL APIs can be quickly brought to production and deliver business value, it will be easier to justify the budget for additional GraphQL API projects across the enterprise for 2024 and beyond.\n\n## Conclusion\n\nMany organizations faced severe challenges in 2023, characterized by layoffs, reorganizations, and budget constraints, which impacted the progress of GraphQL API initiatives. However, the enthusiasm and commitment towards expanding GraphQL usage have remained unchanged, as evident from industry conferences at the end of 2023.\n\nInigo is a financially viable solution for GraphQL API projects with reduced budgets and limited development resources. Furthermore, Inigo’s compatibility with any GraphQL server or gateway eliminates the need for costly and complex migrations, while its cloud-hosted platform minimizes additional infrastructure expenses. Inigo helps your organization justify and reprioritize your GraphQL initiatives for 2024.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003e2023 was a challenging year for the software development industry with layoffs and budget cuts, leading to slowed GraphQL projects. However, the excitement for expanding GraphQL in 2024 is still strong, as seen at major industry conferences. Inigo emerges as a cost-effective, comprehensive solution for GraphQL APIs, offering observability, security, and easy integration, making it the go-to choice for revitalizing GraphQL initiatives in 2024.\u003c/p\u003e\n","createdAt":"2024-01-19T20:39:31.218Z","updatedAt":"2024-01-22T22:42:35.914Z","publishedAt":"2024-01-22T22:42:35.908Z","path":"kickstart-graphql-2024","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-01-24","keywords":"GraphQL, Security, Federation, Monitoring, Observability","cover":{"data":{"id":513,"attributes":{"name":"Kickstart Your GraphQL Projects in 2024 with Inigo.webp","alternativeText":"Kickstart Your GraphQL Projects in 2024 with Inigo.webp","caption":"Kickstart Your GraphQL Projects in 2024 with Inigo.webp","width":2100,"height":900,"hash":"Kickstart_Your_Graph_QL_Projects_in_2024_with_Inigo_11273a9a4f","ext":".webp","mime":"image/webp","size":129.74,"url":"/img/strapi/Kickstart_Your_GraphQL_Projects_in_2024_with_Inigo.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-01-22T22:40:55.689Z","updatedAt":"2024-01-22T22:40:55.689Z"}}},"related":[]}},{"id":38,"attributes":{"title":"Our New GraphQL Playground for Everyone: Public Explorer","author":"Eric Murphy","text":"In our [New GraphQL Playground Tour — Tracing Included](https://inigo.io/blog/graphql-playground-tour) blog post, we detailed our new GraphQL IDE for Inigo users. The response was overwhelmingly positive, and we've decided to open up the basic features of Inigo Explorer to everyone, free of charge. No Inigo account is required to get started!\n\nAnyone can now simply navigate to our [public explorer](https://explorer.inigo.io) and set a GraphQL endpoint. The schema will automatically be introspected, and you can start building your GraphQL queries immediately.\n\n![Explorer 3.png](/uploads/Explorer_3_a497c60627.png)\n![Explorer 2.png](/uploads/Explorer_2_94071730e8.png)\n\n## Public Explorer Features\n\nThe public version of the Inigo Explorer offers the following features:\n1. Query schema navigation\n2. Query validation\n3. Query execution history\n4. Auto-insertion of variables from a query\n5. Preflight scripts (local storage)\n6. Query collections with the ability to save queries (local storage)\n7. Basic metrics (Status code, Response Time, Response Size)\n8. Light and Dark modes\n9. Support for an ?endpoint= URL parameter to automatically set the GraphQL endpoint for Explorer\n10. Support for a ?query= GraphQL Query to prepopulate the Query Editor ([example link](https://explorer.inigo.io/?sidebarTab=docs\u0026otherTabs=variables\u0026responseTab=response\u0026docsPath=query.rockets.payload_weights\u0026query=query+Query%28%24limit%3A+Int%2C+%24offset%3A+Int%29+%7B%0A++rockets%28limit%3A+%24limit%2C+offset%3A+%24offset%29+%7B%0A++++name%0A++++engines+%7B%0A++++++layout%0A++++++propellant_1%0A++++++thrust_sea_level+%7B%0A++++++++lbf%0A++++++%7D%0A++++%7D%0A++++height+%7B%0A++++++feet%0A++++%7D%0A++++payload_weights+%7B%0A++++++lb%0A++++++name%0A++++%7D%0A++%7D%0A%7D%0A\u0026variables=%7B%0A++%22limit%22%3A+5%2C%0A++%22offset%22%3A+0%0A%7D\u0026endpoint=https%3A%2F%2Fspacex-production.up.railway.app\u0026proxyEnabled=true))\n\nYou get all these great features without any strings attached; just start using Explorer! All queries and the query execution history are stored inside your browser’s local storage; Inigo does not keep any of this data.\n\n## Conclusion\n\nThe public version of Inigo's Explorer offers essential GraphQL playground features with a user-friendly interface. The Explorer can be a stepping stone to trying out the Inigo platform.\n\nCheck out our recorded [webinar to see a demo of Inigo's Explorer!](https://www.youtube.com/watch?v=5x_hIRMVtOs\u0026t=187s)\n\nTo learn more about the specific features of Explorer, please check out our [official documentation for Explorer](https://docs.inigo.io/product/explorer).\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eInigo's new public Explorer is a user-friendly GraphQL IDE that offers essential features like schema navigation, query validation, auto-insertion of variables, saved queries, and execution history for free, without the need for an account. Explorer also makes it easy to share links to queries with others that and ready to run!\u003c/p\u003e\n","createdAt":"2024-01-12T19:32:13.383Z","updatedAt":"2024-01-17T01:53:59.345Z","publishedAt":"2024-01-16T22:22:58.128Z","path":"inigo-explorer-public","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-01-10","keywords":"GraphQL, Editor, Explorer, Playground, Video","cover":{"data":{"id":511,"attributes":{"name":"Our-New-GraphQL-Playground-for-Everyone_-Public-Explorerc.webp","alternativeText":"Our-New-GraphQL-Playground-for-Everyone_-Public-Explorerc.webp","caption":"Our-New-GraphQL-Playground-for-Everyone_-Public-Explorerc.webp","width":2100,"height":918,"hash":"Our_New_Graph_QL_Playground_for_Everyone_Public_Explorerc_404351ea67","ext":".webp","mime":"image/webp","size":98.52,"url":"/img/strapi/Our-New-GraphQL-Playground-for-Everyone_-Public-Explorerc.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-01-17T01:41:46.180Z","updatedAt":"2024-01-17T01:41:46.180Z"}}},"related":[]}},{"id":37,"attributes":{"title":"Advanced Alerts for Your GraphQL API with Inigo","author":"Eric Murphy","text":"GraphQL creates new challenges for traditional monitoring and alerting tools that cater to REST APIs, which depend on HTTP status codes 4xx and 5xx when things go wrong. For a GraphQL API, when things go wrong, the HTTP status code will often remain as a status code 200, but any errors will be embedded in the JSON response data in an errors field.\n\nMonitoring tools for GraphQL APIs must support the ability to parse, log, and alert on these embedded GraphQL errors and other specific GraphQL attributes. Inigo supports advanced GraphQL monitoring and analytics that is leveraged to implement alerts.\n\nThe main use case for alerts is to provide notifications to GraphQL service operators to inform them of GraphQL query errors or critical metric thresholds being surpassed, such as rate limits, which result in a BLOCKED status.\n\n## Creating an Alerts Configuration\n\nInigo’s alerts can be created from the following attributes, as detailed in our [Alerts doc](https://docs.inigo.io/reference/configuration/alerts):\n\n* **has_errors:** Whether the JSON response from the GraphQL contains errors\n* **error:** The specific error message in the response\n* **status:** One of EXCEPTION, BLOCKED, PASSED, or NONE\n* **operation_type:** One of QUERY, MUTATION, SUBSCRIPTION, UNKNOWN\n* **operation_name:** The specific named GraphQL query\n* **client:** The specific client running the operation\n* **tag:** The specific tag for the operation\n\nA simple **Alerts** configuration to generate alerts for all **Login** operation errors can be configured using YAML as such:\n\n```\nkind: Alerts\nname: demo\nlabel: prod\nspec:\n alerts:\n - name: \"login_errors\"\n metric: calls\n window: 2m\n threshold: 5\n filters:\n operation_name: Login\n has_errors: true\n```\n\nThe **name** and **label** should match your desired Inigo **Service** **name** and **label**. The **Alerts** configuration can be applied using Inigo’s CLI as such:\n\n```\ninigo apply demo-alerts.yaml\n```\n\nAfter alerts, such as an error with the **Login** operation, are triggered, they will be visible in the Inigo cloud under the **Events** screen.\n\n## Exporting Alerts to Slack\n\nYour alerts can be exported to Slack as shown in our [Alerts doc](https://docs.inigo.io/reference/configuration/alerts). You can send the alerts to either a public or private Slack channel where operators of your GraphQL service can see and act upon alerts as necessary.\n\nHere is an example of an alert as shown in Slack:\n\n![Example Alert in Slack](/uploads/example_alert_2db8d03f50.webp)\n\nBy clicking the Open in Inigo button, the operator can see specific details about the alert and begin to take action.\n\n## Conclusion\n\nInigo revolutionizes the way GraphQL API monitoring and alerting are implemented. Its advanced capabilities in parsing, logging, and alerting on GraphQL errors and specific attributes make it an indispensable tool for any GraphQL API. By offering customizable alert configurations and integration with platforms like Slack, Inigo ensures that GraphQL service operators stay informed and ready to act promptly on any issues.\n\nTo get started with Inigo and our Alerts implementation, you can create a free account for Inigo and follow our Getting Started guide. \n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eGraphQL creates new challenges for traditional monitoring and alerting tools that cater to REST APIs, which depend on HTTP status codes 4xx and 5xx when things go wrong. Monitoring tools for GraphQL APIs must support the ability to parse, log, and alert on these embedded GraphQL errors and other specific GraphQL attributes. Inigo supports advanced GraphQL monitoring and analytics that is leveraged to implement alerts.\u003c/p\u003e\n","createdAt":"2024-01-08T17:09:05.480Z","updatedAt":"2024-01-08T21:00:11.725Z","publishedAt":"2024-01-08T17:43:24.799Z","path":"advanced-alerts-graphql","author_twitter":"https://twitter.com/Inigo_graphql","date":"2024-01-08","keywords":"GraphQL, Observability, Alerts, Monitoring, Operations, GraphOps","cover":{"data":{"id":507,"attributes":{"name":"advanced-alerts-header.webp","alternativeText":"advanced-alerts-header.webp","caption":"advanced-alerts-header.webp","width":2100,"height":900,"hash":"advanced_alerts_header_b282254ac3","ext":".webp","mime":"image/webp","size":200.04,"url":"/img/strapi/advanced-alerts-header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-01-08T17:24:38.673Z","updatedAt":"2024-01-08T17:24:38.673Z"}}},"related":[]}},{"id":36,"attributes":{"title":"Streamline 8 Everyday Tasks of a GraphQL Developer with Inigo","author":"Eric Murphy","text":"## Overview\nGraphQL is a great technology for organizations to modernize and scale their APIs across teams. But what is often overlooked is the complexities of GraphQL development that overload a developer's day-to-day activities. Also, with the advent of DevOps and API platform teams, many developers find themselves partly responsible for monitoring the GraphQL services and fixing production issues as they arise. Most developers just want to write code and focus on delivering features, so tools that streamline GraphQL for developers are immensely valuable.\n\nHere are the ways Inigo’s GraphQL platform helps developers throughout their day and simplifies building and maintaining GraphQL services, and how Inigo aligns with the typical daily responsibilities of a GraphQL developer:\n\n## 1. Monitoring for errors and optimizing the performance of GraphQL services that are running in production\n\nInigo provides [detailed observability](https://inigo.io/observability) to quickly identify recent and frequent errors across all GraphQL services, aligning with a developer’s need to maintain reliable and performant APIs. Developers log into Inigo and view dashboards that give a high-level overview of the health of the GraphQL services that they are responsible for, including the ability to drill down into each subgraph. \n\nFor Inigo’s users, we see developers using Inigo several times a day to check on the current state of their services, whether they are running in production or non-production deployments.\n\n![Subgraphs Dashboard](/uploads/streamline_everyday_tasks_developer_1_21e5b6b149.webp)\n\n## 2. Implementing data security, including authentication and authorization\n\nInigo provides robust security features, including JWT token authentication and [Role-Based Access Control (RBAC)](https://inigo.io/access_control) for field-level security based on the GraphQL schema. Additionally, Inigo implements GraphQL [query protection](https://inigo.io/query_protection) and [rate-limiting](https://inigo.io/rate_limiting) capabilities to provide additional security. Finally, GraphQL introspection should be secured using RBAC, so [disabling introspection in production](https://inigo.io/blog/you-dont-need-to-disable-introspection) is unnecessary.\n\nEven better, developers do not need to write a line of code to leverage these security features of Inigo. Instead, Inigo applies [policies created in YAML](https://docs.inigo.io/reference/configuration/) that configure RBAC, rate-limiting, query protection, and more. This separation of concerns is welcome to developers mired in writing complex authentication and authorization code directly into their GraphQL resolvers.\n\n## 3. Managing deployment and continuous integration of GraphQL services\n\nInigo allows your team to effectively implement a GitOps workflow for building and maintaining GraphQL services using Inigo. The YAML policies discussed in #2 can be checked into a Git rep and applied during the CD phase of the build pipelines. This applies to any Inigo YAML configuration, from Services to Subgraphs. This is possible by integrating the [Inigo CLI](https://docs.inigo.io/reference/cli/) into the build pipelines.\n\nThe Inigo CLI can also trigger Schema [Checks](https://docs.inigo.io/product/schema_management/checks) and [Publishing](https://docs.inigo.io/product/schema_management/publishing) during development and CI, as discussed in #4.\n\n## 4. Ensuring Quality with Code Reviews and Automation\n\nJust doing code reviews for GraphQL service changes isn’t enough. Tools and automation are needed to supplement code reviews to give the full picture if any code or schema changes will cause problems, including breaking changes, new instability, or performance degradation.\nFor example, developers will not immediately recognize if a GraphQL schema change will have unforeseen consequences, such as breaking existing GraphQL clients' queries. If Apollo Federation is used, there is also a high risk for composition errors that will not be initially obvious.\n\nInigo provides two main benefits when it comes to supplementing code reviews and ensuring that quality code gets delivered to production.\n\n1. The Inigo CLI can be plugged into the CI pipeline, including [GitHub Actions](https://docs.inigo.io/reference/cli/github_action), to ensure the schema changes are valid and will not break existing clients and also not break composition for Apollo Federation. Even better, the developers can check for breaking changes on their local machine using the Inigo CLI before creating a pull request.\n2. Inigo’s observability can be used for Test environments to observe for new errors or performance issues before they ever make it to a production rollout. This will be even more effective if integration tests are run that fully exercise the GraphQL APIs daily.\n\n## 5. Developing and maintaining GraphQL schemas\n\nIf GraphQL schema changes are needed, a developer will need the proper context to make schema changes. This is where Inigo comes in where it’s easy to see:\n\n1. The currently published schemas, including the supergraph and subgraphs\n2. A full history of the schema changes made over time with the ability to diff the schemas\n3. The ability to see [analytics data to the field level](https://inigo.io/observability) for the schema and also see a heat map of the utilization of the schema by existing GraphQL clients\n\nAs such, a developer can leverage Inigo’s schema tracking and analytics to view the schema’s evolution before introducing any further changes to the GraphQL schema.\n\n## 6. Collaborating with teams to maintain coding standards and practices\n\nGraphQL schemas are the foundation of building GraphQL services, and if the schemas are inconsistent across teams and services, there will be problems with maintenance, including implementing Federation in the future.\n\nAn organization should standardize how schemas are formatted and implement proper naming conventions. While developers will do their best to follow these conventions, mistakes are bound to happen, and that’s where Schema Linting comes in.\n\nThe Inigo CLI supports Schema Linting, which will validate the current schema’s adherence to the standards. The developer can run the Schema Linting on their local machine, and the Inigo CLI can be used in the CI pipeline to run a Schema Linting step as part of the build process.\n\n## 7. Implementing GraphQL Services (Subgraphs)\n\nWhile Inigo cannot help developers write code (leave AI to that), it will help developers implement their subgraphs when using Apollo Federation. Often, a developer will only have easy access to some of the subgraphs on which their subgraph depends for composing a supergraph.\n\nUsing the Inigo CLI and the [LocalCompose](https://docs.inigo.io/product/schema_management/local_composition) configuration, developers can easily extend and override other subgraphs, even if they don’t have direct access to the other subgraph schema. This flexibility helps accelerate the development of subgraph services.\n\n## 8. Collaborate on Writing GraphQL Queries\n\nLast but not least, developers will need to implement GraphQL queries. Using Inigo’s Explorer, developers can easily construct new queries, save those queries, and share the queries with other developers. This collaboration enables developers to write more effective queries and speeds up the development process.\n\n## Conclusion\n\nIn conclusion, Inigo is an indispensable tool for GraphQL developers, adeptly addressing daily challenges. By providing comprehensive solutions for monitoring, security, deployment, quality assurance, schema management, team collaboration, and query development, Inigo not only enhances the efficiency of GraphQL development but also ensures the high quality and security of the end product. \n\nInigo’s ability to integrate seamlessly into existing workflows, coupled with the convenience of its features like the Inigo CLI, observability dashboards, and Explorer, makes it a valuable asset in the developer's toolkit. Ultimately, Inigo's well-rounded approach to streamlining GraphQL development allows developers to focus more on creativity and innovation while efficiently handling the complexities of API development and maintenance. This makes Inigo not just a tool but a partner in the journey of GraphQL API development.\n\n**Ready to take the next steps with Inigo?** You can:\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eInigo's GraphQL platform revolutionizes how developers work with GraphQL by offering tools that significantly streamline their everyday tasks. Inigo allows developers to concentrate more on coding and feature development while simplifying the creation, execution, and maintenance of GraphQL services in a collaborative way.\u003c/p\u003e\n","createdAt":"2023-12-08T20:43:57.241Z","updatedAt":"2024-01-05T16:32:36.665Z","publishedAt":"2023-12-11T17:35:52.395Z","path":"streamline-everyday-tasks-developer","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-12-12","keywords":"GraphQL, Developer, Observability, Security, Playground","cover":{"data":{"id":499,"attributes":{"name":"graphql_everyday_tasks.webp","alternativeText":"graphql_everyday_tasks.webp","caption":"graphql_everyday_tasks.webp","width":1400,"height":600,"hash":"graphql_everyday_tasks_59c0a04215","ext":".webp","mime":"image/webp","size":155.03,"url":"/img/strapi/graphql_everyday_tasks.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-12-27T17:56:28.299Z","updatedAt":"2024-01-05T16:32:34.329Z"}}},"related":[]}},{"id":35,"attributes":{"title":"New GraphQL Playground Tour — Tracing Included","author":"Eric Murphy","text":"The Inigo GraphQL platform continually evolves, pushing the boundaries of innovation. We're excited to announce the launch of [Explorer](https://docs.inigo.io/product/explorer), our upgraded GraphQL playground within Inigo. Explorer brings feature parity with other popular web-based GraphQL playgrounds with the following features:\n\n1. Query schema navigation\n2. Query validation\n3. Query execution history\n4. Auto-insertion of variables from a query\n5. Preflight scripts\n6. Query collections with the ability to save and share queries\n\nAlso, Explorer brings some unique capabilities:\n\n1. Integrated observability, including real-time metrics and traces \n2. Single interface for both supergraphs and subgraphs\n3. Tight integration makes exploration of GraphQL data from Explorer easy\n4. Works with any GraphQL gateway or server\n\nNext, let’s take a brief tour of Explorer and its capabilities.\n\n![Explorer Full View](/uploads/graphql_playground_tour_7_9988736182.webp)\n\n## Explorer Tour\n\n### 1. Easily Build a Valid Query Using Your Schema\nOnce your GraphQL server or gateway is connected and your Connection Settings are set up, Explorer will automatically provide your schema in the left hand pane. As you build a query, you can select or deselect fields to quickly build your query. Additionally, auto-complete with a popup menu is also available as you type in the editor.\n\n![Explorer Query](/uploads/graphql_playground_tour_1_5058526c0e.webp)\n\n### 2. Auto-Insertion of Variables\nAdditionally, if an operation requires variables, Explorer will automatically add the variables you need to the Variables section. You can then easily fill in the values as desired. This saves the manual copying and pasting of the variables from the query.\n\n![Explorer Variables](/uploads/graphql_playground_tour_2_d764f7cd4f.webp)\n\n### 3. Query Collections\nHaving a core set of GraphQL queries that you need for testing or debugging purposes is common. Explorer lets you create Collections of queries that are saved and organized for persistent use. \n\n![Explorer Query Collections](/uploads/graphql_playground_tour_3_16a734f5b6.webp)\n\n### 4. Query Execution History\nExplorer will maintain a history of your queries and resulting responses. Rest assured: This data is stored locally in your browser, not in Inigo, so potentially sensitive data from the responses is not stored in the cloud. You can also execute a query captured in the History again.\n\n![Explorer Execution History](/uploads/graphql_playground_tour_4_e1ca41f6c9.webp)\n\n### 5. Preflight Script\nIf you need to execute queries against a secured GraphQL endpoint that requires authentication, Explorer supports Preflight Scripts that allow you to execute the JavaScript code you need to authenticate and store a token that can be used directly within Explorer.\n\n![Explorer Preflight Script](/uploads/graphql_playground_tour_5_bb645d607a.webp)\n\n### 6. Tracing Capabilities\nSince Explorer works with supergraphs and subgraphs, you can directly use the query Operation Details and see how the query is traced from the supergraph to the subgraphs. This allows you to understand how the query is executed from the gateway and how the federated query is performing.\n\n![Explorer Tracing Capabilities](/uploads/graphql_playground_tour_6_af832f2c3c.webp)\n\n## Conclusion\n\nInigo’s Explorer improves the essential GraphQL playground features with innovative features and a unified interface. Inigo Explorer’s focus on streamlining workflows through advanced tracing capabilities and a consolidated workspace for query management can help make developers more productive. We plan to continue adding additional features to Explorer and would love your feedback on how Explorer could be further improved!\n\n**Ready to take the next steps with Inigo?** You can:\n\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)\n4. Check out our [Explorer documentation](https://docs.inigo.io/product/explorer)","short_text":"\u003cp\u003eWe're excited to announce the launch of Explorer, our upgraded GraphQL playground within Inigo.\u003c/p\u003e\n","createdAt":"2023-12-04T23:20:44.738Z","updatedAt":"2024-01-05T16:32:49.941Z","publishedAt":"2023-12-05T08:01:45.396Z","path":"graphql-playground-tour","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-12-05","keywords":"GraphQL, Playground, Sandbox, Editor, Tracing","cover":{"data":{"id":504,"attributes":{"name":"new_collaborative_and_productive_graphql_playground.webp","alternativeText":"new_collaborative_and_productive_graphql_playground.webp","caption":"new_collaborative_and_productive_graphql_playground.webp","width":1400,"height":600,"hash":"new_collaborative_and_productive_graphql_playground_47f4cee0d6","ext":".webp","mime":"image/webp","size":41.67,"url":"/img/strapi/new_collaborative_and_productive_graphql_playground.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-01-03T15:15:35.931Z","updatedAt":"2024-01-05T16:32:49.181Z"}}},"related":[]}},{"id":34,"attributes":{"title":"Embracing GraphQL - A Collaborative Journey","author":"Shahar Binyamin","text":"## Introduction\n\nThe journey of adopting GraphQL technology is a shared adventure, characterized by unique challenges and common trends. As we delve into the stories of fellow GraphQL adopters, it becomes evident that the journey is not a solitary quest, but rather a collective effort involving multiple stages of growth, exploration, and innovation.\n\nWe all go through similar phases: Some organizations try to leverage existing supporting tools, some build in-house, and others defer to off-the-shelf solutions. Nevertheless, as the Graph evolves, our teams and needs evolve with it.\n\nUnderstanding these phases and GraphQL’s lifecycle can help expedite your GraphQL roadmap and hopefully help identify any missing GraphQL building blocks so your org can scale confidently. \n\n![Embracing GraphQL - A Collaborative Journey Steps.webp](/uploads/Embracing_Graph_QL_A_Collaborative_Journey_Steps_5952d6cf42.webp)\n\n## The Phases of GraphQL Adoption\n\n### GraphQL Exploration\nIn many organizations, there's usually a 'GraphQL champion', perhaps someone like you. This person might start their first GraphQL project or bring experience from previous projects. Their aim could be anything from experimenting with GraphQL as a side project to introducing new functionalities in a product, or even replacing older REST APIs.\n\nThe first step in GraphQL adoption often begins with a basic setup - typically a single GraphQL server connected to one database. This is where key decisions are made about exploring GraphQL, drawing on the wealth of resources and tools available in the GraphQL community.\n\nChoosing the right implementation and tools is crucial at this stage, keeping in mind that different teams within your organization might select different GraphQL tools or implementations based on their specific needs.\n\nAs your team gains more experience with GraphQL, the structure of your GraphQL implementation may evolve. This could lead to adopting a federated architecture, where different teams manage their own services (known as subgraphs). These subgraphs are then integrated and managed by a federated gateway, creating a cohesive and unified schema from multiple sources.\n\n### Developer Safeguards: Building a Strong Foundation\n\nThis phase, which I like to call the ‘Developer Safeguards’ phase, focuses on expanding the GraphQL toolbox and laying a strong foundation for future development. \n\nThis phase integrates specific GraphQL concepts into the development lifecycle by applying a declarative shared configuration and integrating it with development management tools like CI/CD.\n\nEssential tools often adopted during this phase include:\n- Schema Checks: Ensuring that GraphQL schemas are robust and error-free.\n- Operation Registry: Efficient management of GraphQL operations.\n- Schema Registry and Composition: Organizing and managing multiple GraphQL schemas.\n- Linting: Maintaining code quality and consistency.\n\n### Acceleration\nIn the ‘Acceleration’ phase, the adoption of GraphQL gains momentum. Here, multiple teams might start offering GraphQL endpoints, and the responsibility for the operability of the graph often shifts to broader API/Platform teams, who own a broader API mandate.\n\nCollaboration is needed to speed up product delivery between GraphQL subgraph tenets, the platform team, and the frontend teams. This phase includes exploring tools for:\n- Advanced GraphQL Observability: Gaining deeper insights into GraphQL operations.\n- Performance and Cost Analysis: Understanding and optimizing the resource utilization.\n- SubGraph Trace: Tracing and troubleshooting GraphQL queries.\n- Elevate GraphQL Errors: Identifying and prioritizing critical errors.\n- Assessing GraphQL System Health: Maintaining the overall health of the GraphQL system.\n\nThis is a pivotal stage. The first reaction is to try and leverage existing REST API tools to help with GraphQL's missing building blocks. In some organizations, these tools are sufficient, but in others, it's realized that existing REST tools lack the necessary breadth to support a free-form API like GraphQL.\n\n![Embracing GraphQL - A Collaborative Journey Gaps.webp](/uploads/Embracing_Graph_QL_A_Collaborative_Journey_Gaps_301b07c9d7.webp)\n\n### Intelligence\n\nThe fourth stage, termed the “Intelligence” phase, marks a point where GraphQL’s influence extends beyond just the frontend and backend engineering teams. It involves GraphQL collaboration as it starts impacting various organizational teams, including:\n- Business Teams: Seeking operational reporting.\n- Product Teams: Looking to understand feature impacts.\n- DevOps: Handling infrastructure and operability.\n\nDiscussions now revolve around product insights, anomaly detection, alerts, schema management, coverage, and history.\n\n![Embracing GraphQL - A Collaborative Journey Players.webp](/uploads/Embracing_Graph_QL_A_Collaborative_Journey_Players_183e774d12.webp)\n\n### Compliance and Governance\nThe final phase addresses GraphQL’s penetration into large organizations across Fortune 500, especially in sectors like finance. The ability to answer audit trail questions like “Who can access what?” and later on, “Who accessed what?” poses organizations with new hurdles. \n\nThis phase involves integrating security concepts such as RBAC and rate-limiting into day-to-day GraphQL operations in a declarative and abstract manner, necessitating the involvement of security and compliance teams.\n\n## Conclusion\nThe journey of adopting GraphQL is a testament to the power of collaboration and innovation. Each phase represents a crucial step in integrating this transformative technology across diverse business landscapes. Without cross-team efforts, appropriate tooling, and clear expectation-setting, the path to adopting GraphQL can be challenging. \n\nAs the GraphQL community continues to evolve, so too does its potential to revolutionize how we think about and manage APIs in the modern digital ecosystem.\n\nCan you pinpoint where your organization currently stands in this journey? Can you identify your gaps?\n","short_text":"\u003cp\u003eExplore the collaborative journey of adopting GraphQL, detailing its phases from initial exploration to compliance, and highlighting the evolution of teams, tools, and strategies needed for effective GraphQL integration in diverse business environments.\u003c/p\u003e\n","createdAt":"2023-11-28T22:07:23.059Z","updatedAt":"2024-01-05T16:33:01.839Z","publishedAt":"2023-11-28T22:13:51.583Z","path":"graphql-collaborative-journey","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-11-28","keywords":"GraphQL, Collaboration, Teams, Journey, scale, adoption","cover":{"data":{"id":505,"attributes":{"name":"embracing_graphql_a_collaborative_journey.webp","alternativeText":"embracing_graphql_a_collaborative_journey.webp","caption":"embracing_graphql_a_collaborative_journey.webp","width":1400,"height":600,"hash":"embracing_graphql_a_collaborative_journey_2dfdab14eb","ext":".webp","mime":"image/webp","size":85.18,"url":"/img/strapi/embracing_graphql_a_collaborative_journey.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2024-01-03T15:15:54.860Z","updatedAt":"2024-01-05T16:33:00.943Z"}}},"related":[]}},{"id":33,"attributes":{"title":"Top 10 Benefits of Inigo’s Replacement for GraphOS","author":"Eric Murphy","text":"At the industry events [GraphQLConf](https://inigo.io/blog/graphqlconf_2023_recap/), [GraphQL Summit](https://inigo.io/blog/graphqlsummit_2023_recap/), and API World, we noticed a clear message: Users of Apollo Studio and GraphOS are looking for alternatives. Despite its range of features, GraphOS falls short in critical areas such as observability and security. Moreover, its pricing structure and rigid deployment demands are compelling Apollo customers to consider other options.\n\nResponding to this customer demand, Inigo has enhanced its platform, positioning it as a [seamless substitute for Apollo GraphOS](https://inigo.io/apollo-vs-inigo/) without compromising on the superior [observability](https://inigo.io/observability/) and [security](https://inigo.io/security/) features that set Inigo apart. \n\n## Top 10 Benefits of Inigo Over GraphOS\n\nInigo’s superior feature set directly translates to improving the everyday experience of using GraphQL for developers, operators, architects, and managers of GraphQL services, including the dedicated API Platform Teams that are becoming more commonplace in large organizations. \n\nHere are the Top 10 benefits of swapping out GraphOS for Inigo:\n\n### 1. Take Your Existing Apollo GraphQL Deployments To the Next Level\n\nInigo readily supports Apollo's open-source [Server](https://docs.inigo.io/product/agent_installation/javascript_apollo_plugin), [Gateway](https://docs.inigo.io/product/agent_installation/javascript_apollo_gateway), and [Router](https://docs.inigo.io/product/agent_installation/rust_apollo_router). You can easily integrate Inigo with your existing Apollo deployments by installing the Inigo agent, streamlining your setup process. Migrating from GraphOS to Inigo is straightforward, and you can leverage Inigo’s [schema composition](https://inigo.io/managed_federation/) and [schema-checking](https://inigo.io/managed_schema/) features for a smooth transition with Apollo Federation. Best of all, you can immediately leverage all of the other benefits of Inigo to take your Apollo deployments to the next level!\n\n### 2. Freedom to Choose and Scale for the Future\n\nAs your organization's use of GraphQL evolves, so must the adaptability of your teams and technologies. Relying solely on vendor support tailored for the Apollo stack may prove restrictive, particularly when various departments within your organization require diverse GraphQL implementations to meet their unique technical demands. Inigo offers a versatile management platform that integrates effortlessly with [any GraphQL server](https://docs.inigo.io/product/agent_installation/) configuration, ensuring a uniform GraphQL management experience throughout your enterprise. Inigo combines robust power with unparalleled flexibility.\n\n### 3. Spare Your Developers from GraphQL Complexities\n\nInigo goes above and beyond GraphOS to make GraphQL simpler for developers. Inigo instills a *separation of concerns* between GraphQL observability and security and the GraphQL implementation code that developers need to write. Inigo’s configuration-as-code approach can supplant hundreds of lines of code for query protections, JWT authentication, RBAC, rate-limiting, logging, tracing, and more. Introducing Inigo to your developers and adopting its features can be done gradually, and it’s not a one-size-fits-all approach.\n\n### 4. Improve Collaboration for Building and Operating GraphQL Services\n\nDevelopers, Architects, and Operators involved in GraphQL services require a collaborative approach to successfully develop, deploy, monitor, and maintain these services. While GraphOS provides fundamental collaborative tools through its GraphOS Explorer, Inigo takes this a step further by integrating features of Explorer with enhanced analytics and schema management, achieving a level of integration not possible in GraphOS. \n\nInigo also simplifies the collaboration process by allowing users to share direct links to pertinent Analytics data, such as error reports or performance metrics, streamlining the diagnostic process. Additionally, Inigo enables the creation of user groups with defined roles and responsibilities, ensuring that information can be shared effectively without compromising access control. \n\n### 5. Improve Standards for Your GraphQL Services\n\nEnterprises employing GraphQL across multiple teams often grapple with standardizing their GraphQL schemas. This challenge is further intensified by the complexities of managing supergraph schemas with Apollo Federation. Developers need robust tools that can be used locally to facilitate schema modifications while adhering to set standards and compliance requirements. Inigo addresses these issues with its advanced GraphQL Schema Linting feature that parallels GraphOS’s linting capabilities. \n\nAdditionally, Inigo's suite of developer tools, coupled with its configuration-as-code approach, simplifies the enforcement of standardization. It also provides sophisticated schema-checking functionalities that aid in normalizing schemas and preempting composition errors, ensuring smooth integration and consistency across the enterprise's GraphQL architecture.\n\n### 6. Make Informed Decisions on How to Evolve Your GraphQL Schemas\n\nGraphOS lacks the detailed analytics required to thoroughly examine client interactions with your API and schema. In contrast, Inigo captures comprehensive data, logging every type, field, and directive queried, and correlates this data to the actual GraphQL clients, providing valuable metrics. This information can be superimposed on your GraphQL schema to create visual heat maps, offering clear insights into how clients are utilizing your schema. \n\nWith Inigo, you can drill down to the specific details of who queried what and when including the frequency of each query. This level of detail empowers you to proactively safeguard against potential breaking changes and to strategically plan the future development of your schema. Inigo stands alone in providing these deep analytics that are essential for fully understanding the performance and use of your GraphQL APIs. \n\n### 7. Optimize Your GraphQL Services More Easily with Real-Time Performance Data\n\nInigo offers a comprehensive solution for monitoring GraphQL performance by capturing 100% of query performance data, in contrast to GraphOS, which only captures a small sample. This complete data collection with Inigo means you'll have access to accurate p95 metrics, crucial for pinpointing performance irregularities and bottlenecks that might remain unnoticed with partial data. Additionally, Inigo enables you to trace poorly performing queries to the precise moment they occurred, allowing for a more straightforward comparison with other monitoring tools and a much easier diagnosis of any dips in performance.\n\n### 8. Improve Error Capturing and Alerting for GraphQL Operations\n\nWhile GraphOS provides basic features to capture and alert on GraphQL errors, Inigo elevates this functionality by allowing users to categorize and prioritize errors, ensuring that teams focus on the most critical issues first. Inigo’s advanced capabilities include custom GraphQL directives tailored to trigger alerts for only the most severe errors, thus mitigating the risk of alert fatigue. Adopting Inigo transforms your GraphQL error-capturing and alerting capabilities, ensuring that your GraphQL monitoring is effective and efficient.\n\n### 9. Make Compliant, Mission-Critical GraphQL Services Possible\n\nThe adoption of GraphQL in mission-critical enterprise environments hinges on its ability to meet rigorous compliance standards. These standards often encompass service-level agreements (SLAs) that specify exacting performance, uptime, and security criteria. \n\nFor sectors like finance and healthcare, compliance takes on an even greater significance due to the necessity of meticulously tracking client data access and the capacity to conduct thorough audits. Features essential for maintaining such compliance, including rate limiting, role-based access control (RBAC), advanced performance monitoring and alerting, and audit trails, are beyond the capabilities offered by GraphOS. \n\nMoreover, compliance often demands versatile deployment strategies for GraphQL servers and gateways, such as on-premises or private cloud deployments, while also needing to align with SaaS applications. Inigo stands out as the sole provider with the comprehensive features and tools required to construct GraphQL services that align with the high compliance standards of mission-critical enterprise operations.\n\n### 10. Understand the Business Value Your GraphQL Services Are Providing\n\nIf your organization is just beginning to adopt GraphQL, you might be facing the considerable task of shifting from established REST or even traditional SOAP services to this new technology. A hurdle in adopting GraphQL is that it can act as a layer over existing backend services, potentially masking critical API usage metrics, which are key to understanding GraphQL's business impact. Such a lack of clear data can make it hard to argue for increased investment in GraphQL.\n\nInigo offers a solution with its sophisticated analytics tools, which shed light on how GraphQL services are used, right down to individual subgraphs. This insight allows for a detailed analysis of your schema's efficiency and gaps, helping to chart a purposeful path for the integration of GraphQL across your organization. Inigo's detailed analytics are essential for demonstrating the value of GraphQL, offering a depth of understanding that GraphOS simply does not provide.\n\n## GraphOS vs. Inigo Feature Comparison\n\nInigo matches and surpasses the capabilities of GraphOS in critical areas, including observability, analytics, security, managed federation, and developer tools. Inigo effectively fills the gaps found in GraphOS, and a direct comparison between the two platforms is shown in the following table:\n\n![inigo_graphos_feature_comparison_table.webp](/uploads/inigo_graphos_feature_comparison_table_d7a927f526.webp)\n\nAs you can see in the table, there are quite a few differences between GraphOS and Inigo. Still, Inigo surpasses GraphOS for critical features that users of GraphQL want to improve their day-to-day experience with GraphQL.\n\n## Conclusion\n\nIn the fast-paced tech environment where GraphQL has become a critical part of many organizations’ API strategies, choosing the right platform to manage your GraphQL services is pivotal. Inigo emerges not just as an alternative but as a beacon of advancement for those who seek not only to keep pace but to lead in innovation.\n\nInigo represents a strategic opportunity for businesses to maintain the continuity of their GraphQL operations with minimal pipeline disruption, escape the constraints of vendor lock-in, and ensure compatibility with the existing tech stack.\n\nMore than just a tool, Inigo is a safeguard for your developers, a catalyst for rapid GraphQL adoption, and a trusted vendor that understands the needs of an evolving tech landscape. It offers a unique blend of flexibility, security, and insightful analytics that not only rectifies the shortcomings of GraphOS but propels your GraphQL capabilities into a new realm of potential.\n\nBy choosing Inigo, you're not just upgrading your GraphQL management platform; you're investing in a partnership that understands the complexities of modern API ecosystems. You're gaining a collaborator dedicated to your growth, one that provides the clarity and control necessary to transform data into actionable insights, turn challenges into opportunities, and convert technological potential into tangible business success.\n\nHere's a quote from one of our satisfied customers highlighting the benefits they've experienced with Inigo:\n\n\u003e *Just wanted to let y’all know that Inigo has been so dope for helping us understand customer impact when something goes wrong. We can see how many unique users were affected in a few clicks. Love that Analytics tab!*\n\n**Ready to take the next steps with Inigo?** You can:\n\n1. Get started for free at [app.inigo.io](https://app.inigo.io)\n2. Book a demo today at [inigo.io/demo](http://inigo.io/demo)\n3. Ask questions on our [Slack channel](https://slack.inigo.io/)","short_text":"\u003cp\u003eSwitch from GraphOS to Inigo: Top 10 Benefits You Can't Ignore!\u003c/p\u003e\n","createdAt":"2023-11-08T22:01:48.731Z","updatedAt":"2023-11-08T22:47:53.466Z","publishedAt":"2023-11-08T22:37:49.764Z","path":"top_10_benefits_of_inigo_over_apollo_graphos","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-11-08","keywords":null,"cover":{"data":{"id":456,"attributes":{"name":"top_10_benefits_inigo_over_graphos.webp","alternativeText":"top_10_benefits_inigo_over_graphos.webp","caption":"top_10_benefits_inigo_over_graphos.webp","width":1400,"height":600,"hash":"top_10_benefits_inigo_over_graphos_b243367498","ext":".webp","mime":"image/webp","size":63.83,"url":"/img/strapi/top_10_benefits_inigo_over_graphos.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-11-08T22:20:35.464Z","updatedAt":"2023-11-08T22:20:35.464Z"}}},"related":[]}},{"id":32,"attributes":{"title":"GraphQL Summit Recap: Exploring Diverse GraphQL Solutions","author":"Eric Murphy","text":"## Overview\nLast week, Inigo proudly participated in the [GraphQL Summit](https://summit.graphql.com) in San Diego, where we engaged with a diverse crowd of GraphQL users and some members of the open-source GraphQL community. The event saw participation from various stakeholders in the GraphQL community including Apollo, the organizer of the GraphQL Summit.\n\n![graphql-summit-team-2023.webp](/uploads/graphql_summit_team_2023_9491aea2b6.webp)\n\nOur CEO, Shahar Binyamin, delivered an engaging talk on GraphQL adoption, attracting a nearly packed room and sparking numerous follow-up conversations. We spoke with over a hundred attendees during booth sessions, breakfasts, lunches, and the evening event, which provided insights and valuable perspectives on real-world GraphQL challenges.\n\n![graphql-summit-shahar-2023.webp](/uploads/graphql_summit_shahar_2023_112c862410.webp)\n\n## Challenges Encountered by GraphQL Users\n\nHere are the key challenges we discovered at GraphQL Summit from those currently implementing GraphQL in production or endeavoring to do so:\n\n1. **Desire for GraphOS Alternatives/Abstraction Layer:** Attendees expressed the need for alternatives to GraphOS and its various features, including gateway/router, federation, schema composition/registry, observability, and security. As many are in the evaluation phase of expanding their GraphQL usage, considering other platforms has become essential to the decision-making process.\n\n2. **Challenges with Federation:** Apollo Federation adoption presented difficulties, with specific concerns surrounding schema refactoring, subgraph composition, the move to the router and the transition to Federation v2.\n\n3. **Needing Flexible Deployments:** Many sought more flexible deployment options, particularly regarding the gateway/router running in private clouds and an isolated GraphQL management platform.\n\n4. **Enhanced Security Requirements:** Security was a top priority, with attendees looking for features like rate limiting and role-based access control (RBAC) in the next phase of GraphQL adoption. \n\n5. **Compliance and Observability Concerns:** Some attendees sought better compliance tools, including auditing and certification controls. They expressed a need for granular observability, similar to Inigo Analytics.\n\n## Notable Talks\n\nThe summit featured numerous insightful talks, and Apollo is currently releasing [videos of these sessions](https://www.youtube.com/playlist?list=PLpi1lPB6opQzUOqG3QroLLN06FF-Q_uhX). Stay tuned as all of them will be posted in the near future!\n\nSome of the talks that resonated most with the Inigo team included:\n\n* 200 NOT OK: High-Resolution Observability by Joey Nenni (PayPal)\n* How Intuit Handled The Busiest Time Of Year by Rama Palaniappan (Intuit)\n* Locally Debugging Supergraphs at Dow Jones by Ethan Ruoff (Dow Jones)\n* Monoliths, Migrations and Mergers Jameson Athanasiou (Liberty Mutual), Hunter Houston (EVgo), Shweta Sharma (Intuit), Conor Dempsey (Poppulo)\n* Caching Strategy for High Volume Personalized Content Requests by Emily Voytek (MLB) and Jamie Finucane (MLB)\n* From 50 Shades Of Apis to The Least Shady by Arsalan Ellahi (KiwiBank)\n\n## Conclusion\n\nThe GraphQL Summit showcased a growing interest in exploring a variety of GraphQL technologies and vendors to address diverse needs. This enthusiasm underscores the desire for a healthy array of options in the GraphQL space, which is crucial for the continued growth of GraphQL in the software industry.\n\nInigo came out of the GraphQL Summit with many new friends and potential customers. We look forward to continuing the conversations and staying connected with those we met. If you missed us at the GraphQL Summit or are facing similar challenges to those who attended, please reach out and schedule a [meeting](https://inigo.io/demo/) to discuss.\n\nLastly, for those using the Apollo Gateway or Router and interested in exploring additional functionalities, Inigo offers features like schema composition, schema checking, and schema registry, all compatible with your existing deployment. We're here to demonstrate the possibilities and welcome a discussion to better understand your needs. To learn more, please set up a [demo](https://inigo.io/demo/), and we will show you what’s possible!\n","short_text":"\u003cp\u003eLast week, Inigo had the privilege of attending the GraphQL Summit in San Diego. During the event, we had the opportunity to interact with a wide range of attendees, including both active GraphQL users and contributors from the open-source GraphQL community. We gathered valuable insights on the primary challenges faced by those who are currently using GraphQL in production or are in the process of implementing it.\u003c/p\u003e\n","createdAt":"2023-10-18T18:53:36.067Z","updatedAt":"2023-10-18T23:24:06.641Z","publishedAt":"2023-10-18T22:34:23.262Z","path":"graphqlsummit_2023_recap","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-10-18","keywords":null,"cover":{"data":{"id":452,"attributes":{"name":"graphql-summit-recap.webp","alternativeText":"graphql-summit-recap.webp","caption":"graphql-summit-recap.webp","width":1400,"height":600,"hash":"graphql_summit_recap_0b49903703","ext":".webp","mime":"image/webp","size":23.31,"url":"/img/strapi/graphql-summit-recap.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-10-18T20:36:54.777Z","updatedAt":"2023-10-18T20:36:54.777Z"}}},"related":[]}},{"id":31,"attributes":{"title":"GraphQLConf 2023 Recap: A Celebration of Knowledge and Community","author":"Shahar Binyamin","text":"## Overview\n\nThe GraphQL community came together in the Silicon Valley from September 19 to 21 for an exciting and memorable conference. This year's [GraphQLConf](https://graphql.org/conf/) was a testament to the growth and strength of the GraphQL ecosystem. As we recap this event, we extend our heartfelt congratulations to the GraphQL Foundation for their continued dedication to advancing GraphQL, and we can't help but feel proud of our conference committee members who worked tirelessly to make this event a reality. \n\n![GraphQLConf_2023_1.webp](/uploads/Graph_QL_Conf_2023_1_d9927e53e7.webp)\nPhoto Credit: GraphQLConf\n\n![GraphQLConf_2023_2.webp](/uploads/Graph_QL_Conf_2023_2_4ea42451ff.webp)\nPhoto Credit: GraphQLConf\n\nInigo was thrilled to be part of the GraphQLConf 2023 event as a Gold Sponsor. We were able to network and build relationships in the GraphQL community in a way not otherwise possible.\n\n![GraphQLConf_2023_3.webp](/uploads/Graph_QL_Conf_2023_3_e3f51dff6f.webp)\n\n## A Short Notice Success\nOne remarkable aspect of GraphQLConf 2023 was that it came together on relatively short notice. Despite the challenges, the conference delivered a spectacular experience for attendees. Special shout-outs go to Keith Babo and Doc Jones for their outstanding contributions. The conference offered a wide variety of workshops and talks, ensuring that there was something for everyone.\n\n![GraphQLConf_2023_4.webp](/uploads/Graph_QL_Conf_2023_4_cb5f5cf3f6.webp)\nPhoto Credit: GraphQLConf\n\n## Stellar Speakers\nThe lineup of speakers at GraphQLConf 2023 was truly amazing. Their knowledge and expertise shone through in every talk, and attendees were treated with valuable insights. The talks were thoughtfully curated to cater to all experience levels, from newcomers to seasoned GraphQL practitioners.\n\n![GraphQLConf_2023_5.webp](/uploads/Graph_QL_Conf_2023_5_cb4830aef1.webp)\nPhoto Credit: GraphQLConf\n\n## Unconference Excellence\nThe unconference sessions provided a valuable platform for community members to share their knowledge and engage in discussions on various GraphQL topics. It was a great opportunity for attendees to connect and learn from each other in an unstructured way.\n\n![GraphQLConf_2023_6.webp](/uploads/Graph_QL_Conf_2023_6_0e108bba6f.webp)\nPhoto Credit: GraphQLConf\n\n## Inigo's Barista: An Afternoon Caffeine Boost\nWe offered an Inigo expresso bar that gave everyone an option to the standard conference coffee. All attendees greatly appreciated our commitment to a caffeine boost with a supply of lattes, mochas, cappuccinos, and americanos.\n\n![GraphQLConf_2023_7.webp](/uploads/Graph_QL_Conf_2023_7_9693869f31.webp)\n![GraphQLConf_2023_8.webp](/uploads/Graph_QL_Conf_2023_8_5cd7a2a7a9.webp)\n\n## Maturity of Adoption\nGraphQL has come a long way since its inception, and its maturity of adoption was evident at the conference. With dozens of Fortune 500 companies in attendance, it's clear that GraphQL has become a crucial part of many tech stacks.\n\n## What We Learned\nAt the heart of any conference are the lessons learned, and GraphQLConf 2023 was no exception. Here are some key takeaways:\n\n### Fusion: New and Cool\n[Fusion](https://graphql.org/conf/schedule/4a4e842d1cd0c06083f484d31225abd1/?name=GraphQL%20Fusion:%20Rethinking%20Distributed%20GraphQL) was a standout topic at the conference. The talk introduced attendees to the latest developments in open-source GraphQL federation, promising exciting opportunities for GraphQL developers down the road with a new approach that makes building distributed GraphQL APIs easier.\n\n### Grafast: Unveiling the Potential\n[Grafast](https://graphql.org/conf/schedule/275443caa2eda5df06699b724efa533c/?name=The%20Future%20of%20Efficiency%20Is%20Here:%20Add%20Planning%20to%20Your%20Schema!) was another fascinating topic with a new approach to GraphQL execution that enables engineers to build next-level efficiency into new or existing GraphQL APIs – improving application performance, reducing operational costs, and delivering delightful user experiences.\n\n### Null Bubbling: Fixing a $1M Mistake\nThe talk on [Null Bubbling](https://graphql.org/conf/schedule/50005edb4a441b0335d1b80b4ad62b1a/?name=Fixing%20the%20Billion%20Dollar%20Mistake:%20Client%20Controlled%20Nullability) highlighted that Null has been famously called “the billion dollar mistake”. The Client Controlled Nullability proposal aims to empower client developers to tame nullability in the graph. Attendees left with a newfound understanding of how to avoid costly mistakes in GraphQL development.\n\n### Data Loader: Optimizing GraphQL Queries\nThe [Dataloader talk](https://graphql.org/conf/schedule/09bc04c42310bfe14024455bce46d781/?name=Dataloader%203.0%20-%20An%20Alternative%20Algorithm%20to%20Solve%20N+1%20Problems) talk dives deep into the topic of efficiently resolving deeply nested data. The talk presented an alternative algorithm that uses breadth-first resolving compared to depth-first, which Dataloader builds on top of.\n\n### Meet the TSC Team Members\nThe chance to meet the Technical Steering Committee (TSC) team members allowed attendees to connect with the individuals driving GraphQL's development.\n\n### The Future of Federation Spec\nThe future of the federation specification was a hot topic, and attendees gained valuable insights into the direction GraphQL Federation is heading.\n\n### React Server Components and GraphQL Synergy\nA [keynote talk](https://graphql.org/conf/schedule/e3320ba552ee773065a1a132304a36e0/?name=Is%20a%20GraphQL%20BFF%20Necessary%20in%20a%20Server%20Side%20React%20World%20(RSC,%20SAs)?) on how React Server Components and GraphQL work together gave attendees a clear understanding of how these technologies can complement each other in modern web development.\n\n### Standardizing Schemas with Lints\nThe importance of standardizing schemas was underscored in Unconference discussions on how linting can help maintain consistency in GraphQL schemas.\n\n## What Inigo Presented\n\nInigo also gave two insightful talks that had great feedback and are worth checking out:\n\n1. **[Unlocking Insights: Navigating the World of GraphQL Observability](https://graphql.org/conf/schedule/f8a4d2b939980ffadf787715033e2b4f/?name=Unlocking%20Insights:%20Navigating%20the%20World%20of%20GraphQL%20Observability)**\n2. **[Why Your GraphQL APIs Are (Increasingly) Under Attack](https://graphql.org/conf/schedule/3d167cf84012c4ff2dcca8fca736b0dd/?name=Why%20Your%20GraphQL%20APIs%20Are%20(Increasingly)%20Under%20Attack)**\n\nIf you have any questions about what you heard in our talks, feel free to reach out on our [Slack channel](https://slack.inigo.io)!\n\n## Conclusion\nIn conclusion, GraphQLConf 2023 was an exceptional event that brought the GraphQL community together to celebrate their shared passion and knowledge. With a focus on innovation, learning, and community building, it left attendees inspired and eager to continue pushing the boundaries of GraphQL. We look forward to seeing the lasting impact of this conference on the GraphQL ecosystem in the coming years. Thank you to all who made it possible, and we can't wait to see you at the next GraphQLConf!\n\n[For all conference's videos click here.](https://www.youtube.com/watch?v=3zLmU-W2wYA\u0026list=PLP1igyLx8foE9SlDLI1Vtlshcon5r1jMJ)\n","short_text":"","createdAt":"2023-09-26T17:52:46.568Z","updatedAt":"2023-09-26T22:04:33.631Z","publishedAt":"2023-09-26T17:52:53.441Z","path":"graphqlconf_2023_recap","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-09-26","keywords":null,"cover":{"data":{"id":449,"attributes":{"name":"graphqlconf_2023_recap.webp","alternativeText":"graphqlconf_2023_recap.webp","caption":"graphqlconf_2023_recap.webp","width":1400,"height":600,"hash":"graphqlconf_2023_recap_489937e68e","ext":".webp","mime":"image/webp","size":59.28,"url":"/img/strapi/graphqlconf_2023_recap.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-09-26T21:50:46.876Z","updatedAt":"2023-09-26T21:50:46.876Z"}}},"related":[]}},{"id":30,"attributes":{"title":"Introducing the Inigo Starter Edition: Unleash GraphQL Superpowers for Free!","author":"Eric Murphy","text":"## Overview\n\nInigo empowers your GraphQL experience with cutting-edge analytics, top-notch security, and a managed schema, all at the core of our brand-new Inigo Starter Edition. And here's the best part—it's totally FREE! No credit card is required, and it will remain free forever.\n\n#### *So, what can you achieve with the Starter Edition?* \n\nHere's a glimpse of the GraphQL superpowers at your disposal:\n\n1. **Advanced GraphQL Analytics:** Dive deep with granular filtering and query-level insights.\n\n2. **Role-Based Access Control (RBAC) Security:** Fortify your GraphQL API with user profiles, user roles, schema subsets, directives, and allowed operations.\n\n3. **Query Protection:** Shield your system from malicious GraphQL queries.\n\n4. **Rate Limiting:** Limit the number of GraphQL queries to your server.\n\n5. **Granular Rate Limits:** Fine-tune rate limits based on your GraphQL schema, queries, and user profiles.\n\n6. **Simplified RBAC:** No need to write code for Role-Based Access Control; Inigo handles it seamlessly.\n\n7. **JWT Token Validation:** Wave goodbye to code for JWT token validation, including JWT signature authentication against a JWKS endpoint.\n\n8. **GraphQL Schema Publishing:** Easily publish your GraphQL schema to a schema repository.\n\n9. **Schema Checks:** Prevent disruptions by checking for breaking changes in your GraphQL API based on live traffic history.\n\n10. **CI/CD Integration:** Incorporate schema checks into your CI/CD pipeline.\n\n11. **Configuration-as-Code:** Configure all Inigo features directly from your Git repository.\n\nStart your Inigo journey with the basics, like implementing query protection, and progressively unlock advanced features like RBAC and the schema registry as your needs evolve.\n\n#### *What's packed in the Starter Edition?*\n\n* **3 User Seats:** Get three team members on board.\n\n* **2 Inigo Services:** Manage two distinct Inigo services.\n\n* **5 Running Inigo Agents:** Keep your operations running smoothly.\n\n* **7 Days of Analytics Retention:** Analyze your data with a week's worth of historical insights.\n\n* **5 Million Monthly API Operations:** Handle millions of API operations each month.\n\n* **Advanced Analytics:** Dive into in-depth GraphQL data analysis.\n\n* **Query Protection:** Fortify your system with query protection.\n\n* **RBAC:** Implement Role-Based Access Control.\n\n* **Object-Based Rate Limiting:** Implement a default rate limit or fine-tune your rate limits.\n\n* **Managed GraphQL Schema Repository:** Easily manage your GraphQL schema.\n\n* **Support for Various GraphQL Servers:** It works seamlessly with many GraphQL server types.\n\nAnd once again, all of this comes at no cost. If you happen to exceed the limits of the Starter Edition, don't hesitate to get in touch with us about upgrading your account.\n\n#### *Ready to embark on your GraphQL journey with the Inigo Starter Edition?*\n\nYou don't need to switch technology stacks or migrate to a cloud-hosted GraphQL server or gateway. Just follow our [Getting Started Guide](https://docs.inigo.io/), and you can [deploy Inigo](https://docs.inigo.io/product/agent_installation/) with a wide range of common GraphQL servers. And if your GraphQL server isn't directly supported, you can still utilize a sidecar or standalone deployment of the Inigo agent without losing any functionality.\n\nIf you have any questions about harnessing your new GraphQL superpowers, please reach out to us on our [Slack channel](https://slack.inigo.io/) or drop us an email at [support@inigo.io](mailto:support@inigo.io). We're here to assist you every step of the way!","short_text":"\u003cp\u003eInigo empowers your GraphQL experience with cutting-edge analytics, top-notch security, and a managed schema, all at the core of our brand-new Inigo Starter Edition. And here's the best part—it's totally \u003cstrong\u003eFREE\u003c/strong\u003e! No credit card is required, and it will remain free forever. Learn how to get started!\u003c/p\u003e\n","createdAt":"2023-09-15T17:19:49.138Z","updatedAt":"2023-11-14T17:55:00.721Z","publishedAt":"2023-09-18T23:15:20.366Z","path":"introducing_inigo_starter_edition","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-09-18","keywords":null,"cover":{"data":{"id":439,"attributes":{"name":"Introducing the inigo starter edition unleash graphql superpowers for free .webp","alternativeText":"Introducing the inigo starter edition unleash graphql superpowers for free .webp","caption":"Introducing the inigo starter edition unleash graphql superpowers for free .webp","width":1400,"height":600,"hash":"Introducing_the_inigo_starter_edition_unleash_graphql_superpowers_for_free_dc7694534b","ext":".webp","mime":"image/webp","size":56.94,"url":"/img/strapi/Introducing_the_inigo_starter_edition_unleash_graphql_superpowers__for_free_.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-09-18T23:14:58.669Z","updatedAt":"2023-09-18T23:14:58.669Z"}}},"related":[]}},{"id":29,"attributes":{"title":"Hasura + Inigo: How to Prevent a Denial of Service Attack","author":"Eric Murphy","text":"## Overview\nHasura is a great way to turn your database into a GraphQL API, and the community version of Hasura can be freely hosted on your infrastructure. Inigo now offers an [integration](https://docs.inigo.io/product/agent_installation/hasura) of Inigo built directly into the Hasura community version, allowing you to observe and secure your GraphQL API running on Hasura.\n\nIn this article, you will learn how to install Inigo with Hasura and implement controls against a denial-of-service (DoS) attack against your Hasura instance. As you will see, Hasura, running on its own is vulnerable to various attack vectors that could make Hasura or your database unavailable during a DoS attack.\n\n## Getting Started with Hasura + Inigo\n\nWe have an [installation guide](https://docs.inigo.io/product/agent_installation/hasura) available for Hasura + Inigo, and the simplest approach is to use Inigo’s rebuilt container image for Hasura and run it in Docker or Kubernetes. Please follow the instructions in the installation guide so you can implement the DoS attack scenario laid out in this article.\n\n### Demo Scenario Setup\n\nTo demonstrate a DoS attack scenario against Hasura, a demo scenario needs to be set up. For the demo, four tables are created in a PostgreSQL database, for which Hasura will generate a GraphQL API. The [database schema setup SQL](https://github.com/inigolabs/workshops/blob/main/hasura-demo/setup.sql) can be easily executed directly in Hasura to create the actual database tables as shown in Figure 1.\n\n![Figure 1](/uploads/hasura_figure_1_433808dd41.webp)\n\n**Figure 1: [Database Schema Setup](https://github.com/inigolabs/workshops/blob/main/hasura-demo/setup.sql) in Hasura Console**\n\n### Setup Table/GraphQL Relationships\n\nNow that the database tables are created, it’s possible to define the **Relationships** that establish the mapping of the tables for generating the GraphQL schema. These mappings make it possible to nest the **author** in the **article**, for example.\n\nIn Figures 2-4, you can see how the **Relationships** are set up for **article**, **author**, and **article_tag** for the purposes of this demo. Please note that there is a bidirectional **Relationship** between the **article** and **author**, as this will be important for creating a vulnerability as demonstrated in this article.\n\n![Figure 2](/uploads/hasura_figure_2_ac678b7565.webp)\n\n**Figure 2: article relationships setup (tags, author) in Hasura Console**\n\n![Figure 3](/uploads/hasura_figure_3_aad5a2b7a0.webp)\n\n**Figure 3: author relationship setup (articles) in Hasura Console**\n\n![Figure 4](/uploads/hasura_figure_4_9ec5410d38.webp)\n\n**Figure 4: article_tag relationship setup (tag) in Hasura Console**\n\n### Insert Sample Data with a GraphQL Mutation\n\nNow that the tables and the **Relationships** are set up, it’s easy to populate the tables with a [single GraphQL **mutation**](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/insert_article.graphql) that contains an **article**, **author**, and a set of **tags** associated with the **article**. The **mutation** can be run directly from the Hasura console in GraphiQL as shown in Figure 5.\n\n![Figure 5](/uploads/hasura_figure_5_65e55fa629.webp)\n\n**Figure 5: [Insert Sample Data](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/insert_article.graphql) in GraphiQL in Hasura Console\nRun Sample GraphQL Queries**\n\nIn Figures 6 and 7, you can see the bidirectional nature of **article** and **author** where you can query from either direction with these sample queries. This means that [for every **article**, you can query the **author**](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_article_details.graphql), and [for every **author** you can query the associated **articles**](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_author_articles.graphql).\n\n![Figure 6](/uploads/hasura_figure_6_a3e69326c8.webp)\n\n**Figure 6: [Sample Query for article](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_article_details.graphql) with the author and tags in GraphiQL in Hasura Console**\n\n![Figure 7](/uploads/hasura_figure_7_6304c6af97.webp)\n\n**Figure 7: [Sample Query for author](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_author_articles.graphql) with the articles and tags in GraphiQL in Hasura Console**\n\nIn Inigo, you can see the GraphQL query execution times under the **Latency** column for these two queries in Figure 8. Each query has a latency of about 200ms, respectively, on the first query run (no data is cached). Additional execution times will be lower as PostgreSQL will cache data.\n\n![Figure 8](/uploads/hasura_figure_8_98da4ad8a4.webp)\n\n**Figure 8: Latencies for the two sample queries in Inigo Analytics**\n\nNow, the setup of the demo scenario is complete, and we can look at how to launch a denial of service (DoS) attack against Hasura!\n\n## DoS Attack Scenario #1: Flood with GraphQL Queries\n\nThe Hasura community version does not have rate-limiting features built into it. This means your Hasura instance will be vulnerable to bad actors flooding it with GraphQL queries, bringing Hasura and the database to a grinding halt.\n\nTo simulate this scenario, we will use the [**k6** load testing tool](https://k6.io/) with the [JavaScript code with a GraphQL query](https://github.com/inigolabs/workshops/blob/main/hasura-demo/k6/basic-query.js) as shown in Figure 9.\n\n![Figure 9](/uploads/hasura_figure_9_52d2f97429.webp)\n\n**Figure 9: Simple [Load Test Script](https://github.com/inigolabs/workshops/blob/main/hasura-demo/k6/basic-query.js) for k6**\n\nUsing this **k6** load test script, it can be run with the following command that will run with 2000 virtual users (vus):\n\n**k6 run --vus 2000 --duration 30s basic-query.js**\n\nAfter running this load test (ignore any connection errors from **k6**), you can then go to Inigo Analytics (app.inigo.io) to observe that these queries are taking over 5 seconds to execute, as shown in Figure 10. If you try to run queries from GraphiQL while the load test is running, you will see that Hasura has become nearly unresponsive as it’s flooded with GraphQL queries.\n\n![Figure 10](/uploads/hasura_figure_10_ffc6b35f82.webp)\n\n**Figure 10: High latencies when Hasura is flooded with queries in Inigo Analytics**\n\n## DoS Attack Scenario #2: Deeply Nested Query\n\nWhile Scenario #1 slowed down Hasura to be nearly unusable, Scenario #2 made it completely unresponsive. The key is to have an [extremely nested query](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_author_articles_dos.graphql) by abusing the bidirectional relationship between **article** and **author**. This relationship allows an infinite depth to a nefarious query with a snippet shown in Figure 11.\n\n![Figure 11](/uploads/hasura_figure_11_e3a3b5402d.webp)\n\n**Figure 11: Snippet of the [deeply nested nefarious query](https://github.com/inigolabs/workshops/blob/main/hasura-demo/graphql/get_author_articles_dos.graphql)**\n\nIn this scenario, a nefarious query has a depth of 37 and a height of 118. A single query execution can take well over 1 second, as shown in Figure 12.\n\n![Figure 12](/uploads/hasura_figure_12_e109a9ba7d.webp)\n\n**Figure 12: Single execution of the deeply nested nefarious query in Inigo Analytics**\n\nFor this Scenario #2, we are going to leverage **k6** again with the [deeply nested query in a script](https://github.com/inigolabs/workshops/blob/main/hasura-demo/k6/nested-query.js), but this time with only 10 vus:\n\n**k6 run --vus 10 --duration 30s nested-query.js**\n\nWhen running this load test, **you will observe Hasura becoming completely unresponsive**, as no queries will execute from GraphiQL. Additionally, no query metrics are being sent to Inigo as Hasura cannot execute any queries, period. Once the load test ends, Hasura will eventually become operational again.\n\nAs you can see, while Scenario #1 was crippling to Hasura, Scenario #2 is even worse. Additionally, when Scenario #2 happens, it may trigger service health checks to fail and Hasura to be restarted, only to succumb to an ongoing DoS attack again.\n\n## DoS Attack Scenario #1 Mitigation: Inigo Rate Limiting\n\nTo mitigate Scenario #1, Rate Limiting can be implemented with Inigo where the Inigo middleware running inside of Hasura will apply rate-limiting controls to all incoming GraphQL query requests.\n\nThe first step is implementing an [**anonymous_profile** with your Inigo **Service**](https://github.com/inigolabs/workshops/blob/main/hasura-demo/inigo/service.yml) as shown in Figure 13. This will be used to apply RateLimit to all unauthenticated incoming requests as shown in Figure 14.\n\n![Figure 13](/uploads/hasura_figure_13_dc14e6e087.webp)\n\n**Figure 13: [Inigo Service with anonymous_profile](https://github.com/inigolabs/workshops/blob/main/hasura-demo/inigo/service.yml)**\n\n![Figure 14](/uploads/hasura_figure_14_477e8df713.webp)\n\n**Figure 14: [Inigo RateLimit for the anonymous profile](https://github.com/inigolabs/workshops/blob/main/hasura-demo/inigo/rate-limit.yml)**\n\nYou can use the inigo CLI to apply these configurations:\n\n**inigo apply -f service.yml**\n\n**inigo apply -f rate-limit.yml**\n\nAs shown in Figure 14, a single anonymous client (tracked by IP Address) will only be able to issue 10 queries every 10 seconds. If you are using GraphiQL, it will be easy to prove the rate-limiting works by issuing 11 GraphQL **query** requests within 10 seconds, as shown in Figure 15.\n\n![Figure 15](/uploads/hasura_figure_15_6076a954ba.webp)\n**Figure 15: Inigo RateLimit exceeded as shown in GraphiQL in Hasura Console**\n\n## DoS Attack Scenario #2 Mitigation: Inigo Max Height and Depth Limits\n\nBy using Inigo’s **Security** configuration, you can apply **max_depth** and **max_height** restrictions to any incoming queries. This effectively prevents any nefarious attacks with deeply nested queries as demonstrated in Scenario #2. A [sample Security configuration](https://github.com/inigolabs/workshops/blob/main/hasura-demo/inigo/security.yml) is shown in Figure 16.\n\n![Figure 16](/uploads/hasura_figure_16_9d0ab9010e.webp)\n\n**Figure 16: Inigo [Security configuration with max_depth and max_height](https://github.com/inigolabs/workshops/blob/main/hasura-demo/inigo/security.yml)**\n\nThe configuration as shown in Figure 16 can be applied as such:\n\n**inigo apply -f security.yml**\n\nUsing GraphiQL in Hasura, you can attempt to run a deeply nested query, which will fail as shown in Figure 17.\n\n![Figure 17](/uploads/hasura_figure_17_d32cf67cc9.webp)\n\n**Figure 17: Inigo max_depth and max_height exceeded as shown in GraphiQL in Hasura Console**\n\nIf we rerun the [**k6** load test for Scenario #2](https://github.com/inigolabs/workshops/blob/main/hasura-demo/k6/nested-query.js) again, you will see that there are over 2000 blocked queries that result from the load test, as shown in Figure 18. To run the load test, here is the command once again:\n\n**k6 run --vus 10 --duration 30s nested-query.js**\n\n![Figure 18](/uploads/hasura_figure_18_2242794938.webp)\n\n**Figure 18: Inigo Analytics showing the Blocked queries after running the k6 load test**\n\n## Conclusion\n\nThe community version of Hasura is very powerful and feature rich, but is also vulnerable to DoS attacks as it does not incorporate rate limiting or query protection. While nefarious attacks are possible, even inside of your internal network, unintentional internal DoS scenarios are also possible that can make your Hasura deployment and database unavailable. In other words, you should think twice about deploying Hasura to production without rate limiting and query protection under any circumstances.\n\nInigo offers a drop-in replacement container image for the community version of Hasura that you can deploy with Docker or Kubernetes. All you need to do is sign up for Inigo, create a basic Inigo service, and deploy Hasura with the Inigo token. You will immediately start receiving query analytics from Inigo, and can then further explore implementing controls for query protection and rate limiting as documented in this article.\n\nFor further information, please read our Hasura [documentation](https://docs.inigo.io/product/agent_installation/hasura) and [examples](https://github.com/inigolabs/workshops/tree/main/hasura-demo) for implementing query protection and rate limiting with Hasura.","short_text":"\u003cp\u003eInigo now offers an integration with Hasura, allowing you to observe and secure your GraphQL API running on Hasura. Put Inigo into action and learn how to secure Hasura from denial of services attacks using Inigo's rate limiting and query protection!\u003c/p\u003e\n","createdAt":"2023-08-24T22:15:31.522Z","updatedAt":"2023-11-14T17:59:09.973Z","publishedAt":"2023-08-31T16:59:41.254Z","path":"hasura_inigo_dos_attack","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-08-31","keywords":null,"cover":{"data":{"id":418,"attributes":{"name":"hasura_inigo.webp","alternativeText":"hasura_inigo.webp","caption":"hasura_inigo.webp","width":1412,"height":632,"hash":"control_your_graphql_destiny_with_inigo_dfdcd934c4","ext":".webp","mime":"image/webp","size":56.96,"url":"/img/strapi/hasura_inigo.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-08-22T17:22:41.190Z","updatedAt":"2023-09-11T15:27:46.312Z"}}},"related":[]}},{"id":28,"attributes":{"title":"Control Your GraphQL Destiny with Inigo (Don’t Get Vendor Locked)","author":"Eric Murphy","text":"## Overview\nGraphQL is an excellent technology with a great ecosystem, and we’re still early in the adoption curve for enterprises that maintain a large set of GraphQL APIs. Yet, controlling your destiny with GraphQL is challenging for various reasons, such as the lack of visibility and security in GraphQL itself. When using GraphQL in production at scale, additional tools and services are needed to maintain your APIs.\n\nFor some GraphQL vendors, such as Apollo Graph Inc., moving GraphQL tools and services into a SaaS offering, GraphOS, makes sense. Yet, Apollo’s goal is to host your entire GraphQL infrastructure, including the GraphQL gateway. Additionally, GraphOS offers observability and security features that are proprietary to the Apollo tech stack. This comprehensive model naturally causes vendor lock-in and **gives Apollo control over your GraphQL destiny**. To make matters worse, Apollo tech stack users are [being forced into upgrading and/or migrating technologies](https://www.apollographql.com/blog/announcement/backend/announcing-the-end-of-life-schedule-for-apollo-gateway-v0-x/), and lower-tier offerings of GraphOS have become unaffordable for many.\n\nAnother example is AWS AppSync, which is an AWS-native GraphQL gateway. What if you want to migrate to Google Cloud and Hasura, for example? This is a very different tech stack, but it’s still possible to migrate away while keeping GraphQL technologies agnostic to your tech stack. By staying agile with your GraphQL deployments and not putting all your eggs in a single GraphQL basket, you can maintain some level of control over your GraphQL destiny. This is where neutral GraphQL vendors like Inigo can help.\n\n**You can make confident decisions on your future with a GraphQL vendor by deeply understanding your GraphQL graph, including specific key measures.** It’s impossible to predict the true cost of migrating to another GraphQL gateway or server without understanding the impact on your team and API users. By understanding this true cost, you can take control of your destiny with GraphQL.\n\n## Knowledge is Power: Key Measures to Understanding Your Graph\nInigo’s purpose is to provide observability, security, and manageability of your GraphQL APIs while still being agostic to what GraphQL server or gateway you might be running. If you’re considering changing your GraphQL server or gateway, Inigo gives you the data and insights you need to make the right decisions on moving forward.\n\nSo, what metrics and actionable intelligence does Inigo provide that allows you to control your GraphQL destiny? Let’s walk through them:\n\n### 1. Overall Utilization of Your Graph, Including Subgraphs\nHaving a high-level view of your overall graph utilization is essential so you know where to focus first on analyzing your graph. Having the big-picture view will allow you to plan and prioritize a deeper analysis of your graph. By having actionable insights, you will be able to move forward with further analysis and decision-making.\n\n**Actionable Intelligence:**\n\n- What parts of your graph and subgraphs are heavily utilized by your most important API users\n- What parts of your graph and subgraphs are underutilized or unutilized\n- Where errors are most likely to pop up and why they are occurring\n- Where are the major performance bottlenecks, especially when your graph is under a heavy load\n\n### 2. What GraphQL Operations and Sections of Your Graph Are Heavily Used\nBy understanding specifics about where the heavy usage is in your graph, you can take mitigating steps to reduce the risk of outages or errors when you modernize or migrate the GraphQL server or gateway underpinning your graph.\n\n**Actionable Intelligence:**\n\n- The most executed operations in your graph and how often are they executed\n- Sections of your graph, including objects and fields that are the most heavily consumed\n- What subgraphs support the most used parts of your supergraph\n- What sections of your graph need the most focus and careful planning during a potential GraphQL server or gateway change\n\n### 3. What Areas of Your Graph Are Underutilized or Initialized\nWhen modernizing or migrating GraphQL technologies, it’s best to reduce the scope as much as possible and eliminate unused functionality to achieve a quick win. With a reduced scope, less work needs to be done, and the risk level goes down.\n\n**Actionable Intelligence:**\n\n- The operations in your graph that have not been used over the last X number of days\n- The least executed operations in your graph\n- The least used objects and fields in your graph\n- The least used subgraphs\n- What underutilized areas of the graph could be deprecated, replaced, or eliminated immediately\n\n### 4. Who is Using the GraphQL API and How They Are Using It\nSome users of your API are likely to be more business-critical than others, and understanding their specific patterns of usage of your graph is critical to adequately supporting them while introducing change into your GraphQL deployment.\n\n**Actionable Intelligence:**\n\n- Who are the most common users of the most heavily used parts of your graph\n- What GraphQL operations your high-priority users are calling daily\n- What objects and fields your high-priority users are consuming\n\n### 5. Performance Bottlenecks in Your Graph\nYou may consider changing the underpinnings of your graph if performance bottlenecks originate from the GraphQL server or gateway. Expensive queries with significant depth and height can also cause bottlenecks, especially for frequently used queries.\n\n**Actionable Intelligence:**\n\n- The average and p95 latencies of the most commonly called operations in your graph\n- The heights and depths of the worst-performing queries in your graph\n- What users are most impacted by the bottlenecks in your graph\n- How many times per day are bottlenecked operations are called\n- What subgraphs are causing bottlenecks\n- What additional latency the supergraph query planning is adding\n\n### 6. Errors and Hotspots in Your Graph\nNot only do you want to understand where, when, and why errors are occurring in your graph, it’s essential to know where the hotspots are. These hotspots indicate where additional errors are likely to occur, especially when introducing change.\n\n**Actionable Intelligence:**\n\n- Where, when, and why do errors occur, and how often do they occur\n- What users are most impacted by these errors\n- Where are hotspots in the graph, such as high p95 latencies that may trigger additional errors, such as timeouts\n\n## Take Action to Control Your GraphQL Destiny\nYou will likely face four choices when it comes to controlling your GraphQL destiny when working with a GraphQL vendor such as Apollo Graph, Inc.:\n\n1. Kick the can by delaying a decision while performing more research and groundwork in the interim. You may be able to negotiate extended commercial support from the GraphQL vendor to buy time.\n2. Stay the course with the current open-source GraphQL server or gateway technology and continue forward self-supported for the foreseeable future. Eliminate the proprietary parts of your GraphQL deployment, and consider alternatives to a complete switch out.\n3. Switch to a comprehensive SaaS offering like GraphOS to maintain commercial support. Prepare for this to be a multi-year arrangement with vendor lock-in. Try to have an exit plan and avoid proprietary features of the SaaS when possible.\n4. Migrate to a different GraphQL vendor that fits your business and technology needs while pricing in the cost of performing the migration. The GraphQL vendor ecosystem is growing and maturing, and new options will be available in the coming months and years. Try to remain agile moving forward.\n\nBy capturing the key measures outlined in this article, making a decision will be straightforward, as you will have the data you need to weigh the pros and cons of each option. You and your team will be able to move forward with confidence that you made the right decision!\n\nFor example, suppose you have a very brittle graph with numerous hotspots and error-prone operations. In that case, kick the can, focus on improving the underlying GraphQL services, and start decoupling them from a vendor-specific GraphQL implementation. With the actionable intelligence gleaned from Inigo, you can plan and prioritize your efforts to get the quick wins you need before reevaluating your options.\n\n## Inigo Makes the Journey Possible\nNo matter your decision, Inigo can help you along the way. Using the key measures and actionable intelligence, you can continue to monitor for improvements over time and make sure you are prepared to introduce change, whether it’s driven by moving to a new GraphQL server or gateway or potentially adopting a SaaS that offers a cloud-hosted gateway.\n\nFor example, suppose you need to modify your GraphQL schema to refactor or prune your graph. In that case, you can closely monitor the ongoing graph usage to ensure that your API users no longer use deprecated operations, objects, and fields. This process will take time, and Inigo makes it easy!\n\nTry Inigo today to start taking control of your GraphQL destiny! Learn more and get started with a free trial at [app.inigo.io](https://app.inigo.io).","short_text":"\u003cp\u003eChanges in the GraphQL ecosystem might get you vendor-locked. Controlling your destiny with GraphQL is challenging for various reasons, such as the lack of visibility and security in GraphQL itself. Learn how to manage your GraphQL destiny.\u003c/p\u003e\n","createdAt":"2023-08-15T15:53:38.009Z","updatedAt":"2023-11-14T17:42:56.036Z","publishedAt":"2023-08-22T17:27:17.404Z","path":"control_your_graphql_destiny","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-08-22","keywords":null,"cover":{"data":{"id":438,"attributes":{"name":"control_your_graphql_destiny_with_inigo (1).webp","alternativeText":"control_your_graphql_destiny_with_inigo (1).webp","caption":"control_your_graphql_destiny_with_inigo (1).webp","width":1400,"height":600,"hash":"control_your_graphql_destiny_with_inigo_1_6188a941b3","ext":".webp","mime":"image/webp","size":22.27,"url":"/img/strapi/control_your_graphql_destiny_with_inigo_(1).webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-08-29T23:11:03.644Z","updatedAt":"2023-09-11T15:31:52.249Z"}}},"related":[]}},{"id":27,"attributes":{"title":"How to Use Inigo with Apollo Gateway and Better Understand Your Subgraphs","author":"Eric Murphy","text":"## Overview\nIn [Subgraph Visibility in GraphQL](https://inigo.io/blog/subgraph_visibility_in_graphql/), we examined Inigo’s subgraph visibility features at a high level. This blog post will go a level deeper on how to implement subgraph visibility with Apollo Gateway. We will walk through the setup of Inigo and what changes need to be made to your Apollo Gateway implementation.\n\n## Why Inigo to Understand Your Apollo Gateway or Router Subgraph?\nAs we covered in [Subgraph Visibility in GraphQL](https://inigo.io/blog/subgraph_visibility_in_graphql/), there are four basic needs for visualizing and understanding your subgraphs, which are:\n\n1. **Performance monitoring:** It's important to monitor metrics like response times, error rates, and throughput for each subgraph. This allows teams to identify performance bottlenecks and optimize the subgraphs accordingly.\n2. **Usage analytics:** Understanding how each subgraph is being used—which fields and types are queried most frequently—helps teams make better decisions about schema design and resource allocation.\n3. **Error tracking:** Having visibility into errors at the subgraph level simplifies debugging and troubleshooting. Teams can trace errors back to the source subgraph and subgraph owners have the necessary context to resolve issues.\n4. **Security monitoring:** Monitoring security-related metrics for each subgraph, like authentication failures or abnormal usage spikes, helps identify potential vulnerabilities or attacks early on.\nError tracking: Having visibility into errors at the subgraph level simplifies debugging and troubleshooting. Teams can trace errors back to the source subgraph and subgraph owners have the necessary context to resolve issues.\nOnce you complete the steps to set up Apollo Gateway with Inigo, you can independently apply these capabilities to not only the supergraph but the subgraphs as well.\n\n## GraphQL Gateway Demo Application\nThere is a [comprehensive guide](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md) available on GitHub to walk you through installing and running Inigo with Apollo Gateway, and this blog will summarize the steps.\n\nOn your local machine, you should clone the [https://github.com/inigolabs/workshops](https://github.com/inigolabs/workshops) repository. We will be working with the [apollo-gateway-demo](https://github.com/inigolabs/workshops/tree/main/apollo-gateway-demo) subdirectory in this repository. This demo application in this subdirectory contains four microservices, each owning its own part of a federated GraphQL schema. There is an Apollo Gateway implementation that joins the subgraphs into a supergraph that can be easily queried using the Apollo sandbox.\n\nYou will likely want to open the [apollo-gateway-demo](https://github.com/inigolabs/workshops/tree/main/apollo-gateway-demo) subdirectory in VS Code. Once there, in the terminal, you should run **npm install** to build the current version of the project before continuing. The microservices can be started with **npm run start-services**, and, in a separate terminal, the gateway can be started with **npm run start-gateway**. The gateway will then be available at **http://localhost:4000**, where you can access the Apollo sandbox. To make sure everything is running correctly, try to execute the following **my_reviewed_products_to_buy_again** query:\n\n```\nquery my_reviewed_products_to_buy_again {\n me {\n name\n reviews {\n product {\n name\n price\n shippingEstimate\n inStock\n }\n review: body\n }\n }\n}\n```\nYou should get a query response as shown in Figure 1:\n\n![use_inigo_with_apollo_gateway_1.png](/uploads/use_inigo_with_apollo_gateway_1_3b4bb17dfd.png)\nFigure 1. Results of the **my_reviewed_products_to_buy_again** query in Apollo sandbox\n\nThis sample query will exercise all four microservices for this supergraph, which are **accounts**, **products**, **inventory**, and **reviews**. If you would like to know more about the implementation of this demo application, including the subgraph schemas, details are available in the [README](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md). \n\n## Installing Inigo into the Apollo Gateway Demo Application\nThe [README](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md) provides a detailed walkthrough, but here are the basic steps to install Inigo in Apollo Gateway:\n\n1. [Install the inigo CLI](https://docs.inigo.io/reference/cli/)\n2. Create a **Gateway** configuration and apply it with the Inigo CLI\n3. **npm install inigo-js** and **npm install** the Inigo middleware library\n4. Add the **require** imports for Inigo (in JavaScript)\n5. Add **InigoPlugin** and **InigoFetchGatewayInfo** to your code\n\n## Apply the Gateway Configuration with Inigo CLI\nFor Inigo, a **Gateway** configuration is needed to set up the Inigo **Service** for the various subgraphs that your application has. The demo application has a [gateway.yml](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/inigo/gateway.yml) file that contains the following configuration:\n\n```\nkind: Gateway\nname: apollo-gateway-demo\nspec:\n services:\n - name: accounts\n url: \"http://localhost:4001/graphql\"\n - name: reviews\n url: \"http://localhost:4002/graphql\"\n - name: products\n url: \"http://localhost:4003/graphql\"\n - name: inventory\n url: \"http://localhost:4004/graphql\"\n```\n\nThis configuration can be applied using **inigo apply inigo/gateway.yml**. For all of the details, once again, please see the [README](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md). After this has been applied, you will be able to see the service and its subgraph services in the Inigo UI as shown in Figure 2:\n\n![use_inigo_with_apollo_gateway_2.png](/uploads/use_inigo_with_apollo_gateway_2_ece1d02e15.png)\nFigure 2. Supergraph and subgraph services in the Inigo UI\n\n## NPM Module Installations for Inigo\nTo support the required code changes in the next section, two NPM dependencies must be installed, and it depends on your operating system and CPU. For a Mac with an M1/M2, you would run:\n\n```\nnpm install inigo.js\nnpm install inigo-darwin-arm64\n```\n\nThere are more specific details available in the [README](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md).\n\n## Apollo Gateway Code Changes for Inigo\nThe Apollo Gateway Demo Application [gateway.js](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/gateway.js) has commented code blocks you can uncomment underneath the **//INIGO**: comments within. The main sections that need to be added to support running the Inigo middleware in Apollo Gateway are:\n\n### Includes (gateway.js)\n```\n// INIGO: Uncomment below:\nconst { InigoPlugin, InigoRemoteDataSource, InigoFetchGatewayInfo } = require(\"inigo.js\");\n```\n\n### CustomRemoteDataSource (gateway.js)\n```\n// INIGO: use InigoRemoteDataSource instead of RemoteGraphQLDataSource.\nclass CustomRemoteDataSource extends InigoRemoteDataSource {\n async onBeforeSendRequest({ request, context }) {\n if (context.req \u0026\u0026 context.req.headers) {\n // pass all headers to subgraphs\n Object.keys(context.headers || []).forEach((key) =\u003e {\n if (context.headers[key]) {\n request.http.headers.set(key, context.headers[key]);\n }\n });\n }\n }\n async onAfterReceiveResponse({ request, response, context }) {\n return response;\n }\n}\n```\n\n### InigoPlugin and InigoFetchGateway Setup (gateway.js)\n```\n // INIGO: InigoPlugin must be instantiated before ApolloGateway is started\n const inigoPlugin = InigoPlugin();\n\n // INIGO: execute InigoFetchGatewayInfo() and use the result as a param for your custom data source\n const info = await InigoFetchGatewayInfo();\n```\n\n### Changes for the Apollo Gateway and Server (gateway.js)\n```\n const gateway = new ApolloGateway({\n supergraphSdl,\n __exposeQueryPlanExperimental: true,\n // INIGO:\n buildService(service) {\n return new CustomRemoteDataSource(service, info, true);\n },\n });\n\n const server = new ApolloServer({\n gateway,\n engine: false,\n subscriptions: false,\n // INIGO:\n plugins: [\n inigoPlugin,\n ],\n });\n```\n\n## Running Apollo Gateway with Inigo\nUsing the Inigo token that you obtained while [setting up Inigo](https://docs.inigo.io/), using either the Inigo UI or **inigo create token**, you can now start up Apollo Gateway with the Inigo middleware installed.\n```\nexport INIGO_SERVICE_TOKEN=\"ey...\"\nnpm run start-gateway\n```\nOnce started, you can return to the Apollo Sandbox again at **http://localhost:4000** and run the **my_reviewed_products_to_buy_again** query (see above) again. Please run this query several times to generate data to view on the Inigo Analytics UI.\n\n## Viewing Supergraph and Subgraph Data in Inigo Analytics\nNow that you have Inigo running with Apollo Gateway, and have executed the **my_reviewed_products_to_buy_again** sample query several times, you should be able to see query metrics available on [https://app.inigo.io](https://app.inigo.io) under the apollo-gateway-demo service in the dropdown menu (see the screenshot above).\n\nAs shown in Figures 3 to 7, you can navigate to the supergraph and subgraph Analytics from this menu, as highlighted in the red boxes. On each of these screens, you will have an independent view of the analytics that were run against the federated query execution. \n\nIn Figures 3 to 7, you can see how the federated **my_reviewed_products_to_buy_again** GraphQL query is decomposed into separate queries for each of the four microservices, each of which provides its own subgraph as described in the [README](https://github.com/inigolabs/workshops/blob/main/apollo-gateway-demo/Readme.md).\n\n![use_inigo_with_apollo_gateway_3.png](/uploads/use_inigo_with_apollo_gateway_3_f64931f6f1.png)\nFigure 3: The supergraph **my_reviewed_products_to_buy_again** query as shown in Inigo Analytics\n\n![use_inigo_with_apollo_gateway_4.png](/uploads/use_inigo_with_apollo_gateway_4_26be6bda09.png)\nFigure 4: The **accounts** subgraph query as shown in Inigo Analytics\n\n![use_inigo_with_apollo_gateway_5.png](/uploads/use_inigo_with_apollo_gateway_5_11ec54ddfc.png)\nFigure 5: The **product** subgraph query as shown in Inigo Analytics\n\n![use_inigo_with_apollo_gateway_6.png](/uploads/use_inigo_with_apollo_gateway_6_a51bf8d92d.png)\nFigure 6: The **inventory** subgraph query as shown in Inigo Analytics\n\n![use_inigo_with_apollo_gateway_7.png](/uploads/use_inigo_with_apollo_gateway_7_b2769551e2.png)\nFigure 7: The **reviews** subgraph query as shown in Inigo Analytics\n\n## Next Steps and Conclusion\nNow that you have set up and run Inigo with Apollo Gateway, you can further explore the capabilities of Inigo with the supergraph and each independent subgraph. You will gain a deeper understanding of how your subgraphs are being utilized within the context of your supergraph and your Apollo Gateway implementation.\n\nIf you’d like to learn more and see a live demonstration of using Inigo with Apollo Gateway, we invite you to attend the upcoming webinars:\n\nJuly 13th, 9:30 AM PDT, 6:30 PM CET - DONE\nJuly 18th, 5:00 PM PDT, 10:00 AM AEST - DONE\n\nOr [book a session here](https://inigo.io/demo).\n","short_text":"\u003cp\u003eThis blog post will go a level deeper on how to implement subgraph visibility with Apollo Gateway. We will walk through the setup of Inigo and what changes need to be made to your Apollo Gateway implementation.\u003c/p\u003e\n","createdAt":"2023-07-11T06:16:20.390Z","updatedAt":"2023-11-14T19:11:14.132Z","publishedAt":"2023-07-11T06:16:26.550Z","path":"use_inigo_with_apollo_gateway","author_twitter":"https://twitter.com/Inigo_graphql","date":"2023-07-11","keywords":null,"cover":{"data":{"id":363,"attributes":{"name":"inigo_with_apollo_gateway.webp","alternativeText":"inigo_with_apollo_gateway.webp","caption":"inigo_with_apollo_gateway.webp","width":1400,"height":600,"hash":"inigo_with_apollo_gateway_f9f5c1994c","ext":".webp","mime":"image/webp","size":42.46,"url":"/img/strapi/inigo_with_apollo_gateway.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-07-11T06:32:03.182Z","updatedAt":"2023-09-11T15:22:26.457Z"}}},"related":[]}},{"id":26,"attributes":{"title":"Subgraph Visibility in GraphQL","author":"Shahar Binyamin","text":"## Introduction\n\nThe appeal of creating a GraphQL API often lies in its ability to expose a single data graph, which can sit atop multiple data sources, such as REST APIs and SQL databases. This structure allows data to be queried in a way that truly reflects the relationships between the nodes in the graph.\n\nHowever, as more objects and their relationships are exposed through various types and fields, the graph can quickly become unwieldy. A moderately complex application can rapidly require a vast array of type definitions, making it challenging for multiple people or teams to collaborate on building the API. Additionally, the GraphQL API can become a single vulnerable point of failure in the system.\n\nThe solution? A distributed GraphQL architecture. By breaking up the schema into smaller services for development purposes and then recombining each independently managed portion into a Gateway API, client applications can remain oblivious to these divisions when querying data. This approach is particularly valuable for larger, complex applications that necessitate a single, comprehensive API.\n\nToday, a distributed GraphQL architecture is typically referred to as federated GraphQL and implemented via a tool called Apollo Federation. Federated GraphQL has helped companies like [Netflix](https://netflixtechblog.com/how-netflix-scales-its-api-with-graphql-federation-part-1-ae3557c187e2?gi=8bf40bb94882) and [PayPal](https://medium.com/paypal-tech/graphql-at-paypal-an-adoption-story-b7e01175f2b7) scale their GraphQL APIs. \n\n## Challenges of federated GraphQL\n\n![Subgraph Visibility in GraphQL Gaps.webp](/uploads/Subgraph_Visibility_in_Graph_QL_Gaps_98b30a4822.webp)\n\nWhile a federated GraphQL schema offers many benefits, including improved developer productivity and the ability to create a more coherent API across multiple teams, it also introduces a few challenges, including:\n\n1. **Schema Coordination**: In a federated architecture, different teams can make updates to their part of the schema independently. This requires careful coordination to ensure that changes made by one team don't break another team's queries. Tools like schema registries and schema validation tools can help with this.\n\n2. **Performance**: The process of splitting a GraphQL schema across multiple services and aggregating the results can add additional latency to the request. The gateway must sometimes make multiple round-trip requests to different services to resolve a single query, which can impact performance.\n\n3. **Error Handling**: Errors can be more challenging to trace in a federated environment. Errors from different subgraphs can become entangled, complicating the debugging process. For instance, a single query could trigger errors in multiple subgraphs, making it hard to isolate and resolve each one. This issue becomes even more severe as the number of subgraphs increases.\n\n4. **Security and Authorization**: Each service in a federated architecture represents a potential point of attack. Ensuring consistent security practices across all services, including data privacy and access controls, is critical.\n\n5. **Testing and Debugging**: Testing in a federated environment can be more complex than in a monolithic one. Testing a change might require setting up a more complicated testing environment that includes the gateway and all the necessary services.\n\n6. **Consistency**: Ensuring a consistent approach across multiple services can be challenging. For instance, different teams might have different naming conventions or different ways of designing their part of the schema.\n\n7. **Resource Allocation**: Conversations about resource allocation - how much memory, CPU, and bandwidth should each subgraph receive - can be difficult without the right tools and data.\n\nDespite these challenges, many organizations find that the benefits of a federated GraphQL architecture outweigh the drawbacks. The key to a successful implementation lies in careful planning, good communication among teams, and the use of appropriate tooling.\n\n## The need for subgraph visibility\n\n![Subgraph Visibility in GraphQL Solution.webp](/uploads/Subgraph_Visibility_in_Graph_QL_Solution_5720b55c70.webp)\n\nSubgraph visibility in the context of a federated GraphQL architecture refers to the ability to observe and understand the individual GraphQL services that make up the federated data graph. This includes things like:\n\n1. **Performance monitoring**: It's important to monitor metrics like response times, error rates, and throughput for each subgraph. This allows teams to identify performance bottlenecks and optimize the subgraphs accordingly.\n\n2. **Usage analytics**: Understanding how each subgraph is being used—which fields and types are queried most frequently—helps teams make better decisions about schema design and resource allocation.\n\n3. **Error tracking**: Having visibility into errors at the subgraph level simplifies debugging and troubleshooting. Teams can trace errors back to the source subgraph and subgraph owners have the necessary context to resolve issues.\n\n4. **Security monitoring**: Monitoring security-related metrics for each subgraph, like authentication failures or abnormal usage spikes, helps identify potential vulnerabilities or attacks early on. \n\nSubgraph visibility is important because it allows for more effective monitoring, troubleshooting, and optimization of a federated GraphQL API. By improving subgraph visibility, teams can ensure that their federated GraphQL architecture is performant, reliable, and secure. \n\n## Inigo: A Solution to Enhance Subgraph Visibility\n\n![Subgraph Visibility in GraphQL Inigo.webp](/uploads/Subgraph_Visibility_in_Graph_QL_Inigo_239592c820.webp)\n\nInigo is a GraphQL monitoring and analytics platform that provides in-depth visibility into subgraphs in a federated GraphQL architecture. Some of the features that improve subgraph visibility include:\n\n- Performance dashboards for each subgraph display metrics like response time, error rate, and throughput. This helps teams quickly identify issues and areas for optimization.\n- Usage analytics showing the most frequently queried types, fields, and connections within each subgraph. This data aids in improving schema design and determining how to allocate resources. \n- Advanced error tracking that groups errors by subgraph, making them easier to debug. Subgraph owners have the context to resolve issues efficiently. \n- Automated security monitoring that detects anomalies like spikes in authentication failures or unusual traffic volumes at the subgraph level. Teams get alerts about potential vulnerabilities early.\n- Resource allocation recommendations based on usage data. Inigo can suggest ways to optimize how resources like CPU, memory, and bandwidth should be distributed across subgraphs according to demand. \n\nBy providing targeted visibility and insights into each subgraph, Inigo enables federated GraphQL teams to build, monitor, and optimize their API more effectively. Issues that would otherwise be difficult to troubleshoot or anticipate become much more manageable. \n\n## Conclusion\nSubgraph visibility is essential for successfully operating a federated GraphQL API at scale. Without insight into how each subgraph is functioning, issues are nearly impossible to trace and resolve. Inigo is a purpose-built tool for enhancing visibility across federated graphs and overcoming the challenges associated with distributed architectures. \n\nTry Inigo today to gain transparency into your federated graph. Learn more and get started with a free trial at [app.inigo.io](https://app.inigo.io).\n\n","short_text":"\u003cp\u003eWhile a federated GraphQL schema offers many benefits, including improved developer productivity and the ability to create a more coherent API across multiple teams, it also introduces a few challenges.\u003c/p\u003e\n","createdAt":"2023-06-08T21:36:21.155Z","updatedAt":"2023-09-11T15:18:23.376Z","publishedAt":"2023-06-12T04:35:08.678Z","path":"subgraph_visibility_in_graphql","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-06-20","keywords":null,"cover":{"data":{"id":356,"attributes":{"name":"Subgraph Visibility in GraphQL Header.webp","alternativeText":"Subgraph Visibility in GraphQL Header.webp","caption":"Subgraph Visibility in GraphQL Header.webp","width":1400,"height":600,"hash":"Subgraph_Visibility_in_Graph_QL_Header_3af0e07c5f","ext":".webp","mime":"image/webp","size":22.86,"url":"/img/strapi/Subgraph_Visibility_in_GraphQL_Header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-06-12T04:34:13.694Z","updatedAt":"2023-09-11T15:18:22.730Z"}}},"related":[]}},{"id":25,"attributes":{"title":"Inigo Earns New Analyst Recognition for Platform Innovation","author":"Shahar Binyamin","text":"We’re proud to announce that the Inigo platform has [earned the 2023 Intellyx Digital Innovator Award](https://intellyx.com/2023/05/22/inigo-wins-the-2023-digital-innovator-award-from-intellyx/) from enterprise analyst firm Intellyx. The award adds to Inigo’s recent recognition from DevOps.com, in the Best New DevOps Tools Provider category.\n\nAs our customers know, Inigo’s solution for end-to-end GraphQL API management and security quickly becomes a must-have toolset. From query production and rate limiting to schema checks and lifecycle management, Inigo is built to accelerate our customers’ GraphQL deployments as efficiency, securely, and cost-effectively as possible.\n\nWe’re excited to roll out even more features and capabilities this year, providing a complete one-stop shop for enterprise GraphQL security and management at scale.\n","short_text":"\u003cp\u003eWe’re proud to announce that the Inigo platform has earned the 2023 Intellyx Digital Innovator Award.\u003c/p\u003e\n","createdAt":"2023-05-31T16:14:27.121Z","updatedAt":"2023-09-19T22:52:13.884Z","publishedAt":"2023-05-31T16:15:08.708Z","path":"inigo_earns_new_analyst_recognition_for_platform_innovation","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-05-31","keywords":null,"cover":{"data":{"id":355,"attributes":{"name":"blog_intellyx_platform_innovation.webp","alternativeText":"blog_intellyx_platform_innovation.webp","caption":"blog_intellyx_platform_innovation.webp","width":1400,"height":600,"hash":"blog_intellyx_platform_innovation_f6506a2cda","ext":".webp","mime":"image/webp","size":17.75,"url":"/img/strapi/blog_intellyx_platform_innovation.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-05-31T16:13:12.753Z","updatedAt":"2023-09-11T15:21:47.409Z"}}},"related":[]}},{"id":24,"attributes":{"title":"NEW: Inigo's integration with AWS AppSync","author":"Shahar Binyamin","text":"We are excited to announce Inigo’s integration with AWS AppSync. This integration allows you to add in-depth GraphQL analytics to your AppSync instance in just a few straightforward steps. \n\n## The Challenge: Unveiling AppSync to the World\n\nAWS AppSync is a fully managed “GraphQL-as-a-service” platform that abstracts away much of the grunt work involved in building GraphQL APIs. For example, AppSync handles the parsing and resolution of requests as well as the connections to other services, data stores, and APIs.\n\nDevelopers predominantly use AppSync to quickly and robustly build internal GraphQL APIs, that are then consumed by internal clients within the same network or cloud environment. But sometimes organizations want to turn their internal AppSync APIs into public-facing external APIs. This means making the AppSync GraphQL API endpoint accessible over the internet.\n\nExposing your API endpoint to the world, so that other applications and users can interact with it, can be nerve-wracking. To do so in a safe, secure, performant way requires that you have more visibility into who is hitting your API, how often, and which parts of your schema can be optimized. \n\nThis is exactly what Inigo provides in our comprehensive GraphQL management platform.\n\n## The Solution: Add Inigo to your AppSync instance\n\nInigo provides enhanced security and detailed analytics for your AppSync service. With Inigo, you get out-of-the-box features like:\n\n### Query-level inspection and analytics\n\nInigo’s platform lets you dive deep into individual queries. From the analytics dashboard, you can easily check for high-latency queries and track down specific user bugs.\n\n![2_inigo_aws_appsync_query.webp](/uploads/2_inigo_aws_appsync_query_df4365c643.webp)\n\n### Error breakdowns\n\nOn the Inigo dashboard, you’re able to see a breakdown of common errors. You are also able to filter queries based on whether they responded with an error.\n\n![3_inigo_aws_appsync_errros.webp](/uploads/3_inigo_aws_appsync_errros_0d0644571a.webp)\n\n### Performance metrics\nInigo makes it easy to identify resource-heavy or unused objects in your schema.\n\n![4_inigo_aws_appsync_analytics.webp](/uploads/4_inigo_aws_appsync_analytics_d74aeed835.webp)\n\n### Actionable alerts\n\nInigo automatically surfaces errors in mission-critical objects and mutations and routes them to the appropriate team.\n\n### Access control \nInigo makes it easy for you to add role-based access control to your AppSync server, by writing declarative config.\n\n![5_inigo_aws_appsync_invalid_access.webp](/uploads/5_inigo_aws_appsync_invalid_access_e70087df62.webp)\n\n### Rate-limiting\n\nInigo uses object-based rate limiting - counting each query’s requested objects and returned objects against a time frame limit (e.g. 1000 objects per minute). This protects your AppSync server against potential performance degradation while still maintaining flexibility.\n\nAltogether, this information helps ensure that your AppSync API is secure against potential abusers and optimized for production. Finally, Inigo can scale to support the highest volume of GraphQL messages for large enterprises.\n\n\n## How to connect Inigo and AWS AppSync\n\n### 1. Create an Inigo Service\n\nTo create a new Inigo service, head to [app.inigo.io](https://app.inigo.io) and open the service configuration menu under the Settings icon on the top navigation.\n\n![6_inigo_aws_appsync_service_create.webp](/uploads/6_inigo_aws_appsync_service_create_b6aeb85e75.webp)\n\nOn the next page, choose the “Docker Standalone” option, decide on a service name and label, and proceed to save the INIGO_SERVICE_TOKEN value for later use.\n\n![7_inigo_aws_appsync_service_type.webp](/uploads/7_inigo_aws_appsync_service_type_2f827746dc.webp)\n\n![8_inigo_aws_appsync_service_name.webp](/uploads/8_inigo_aws_appsync_service_name_84e43838d3.webp)\n\n## AWS Marketplace\n\n### 2. Subscribe to the AWS Inigo Agent\n\nNavigate to the Inigo GraphQL Analytics product page in [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-lmo76xfvzarck). Hit the \"Continue to Subscribe\" button and accept the terms and conditions. \n\nOn the configuration page, select “Cloudformation stack for AppSync”, and the latest version, from the dropdown menus, then hit the “Continue to Launch” button.\n\n![9_inigo_aws_appsync_marketplace.webp](/uploads/9_inigo_aws_appsync_marketplace_cfdbc4d771.webp)\n\n### 3. Deploy the AWS Agent Stack\n\nHere, you'll only need:\n\n1. The previously stored INIGO_SERVICE_TOKEN\n2. Your AppSync GraphQL endpoint and its API Key\n\nFollow the instructions [here](https://docs.inigo.io/product/agent_installation/aws_appsync#aws-agent-stack-deployment) to deploy an AWS agent stack.\n\nAt the end of this step, you will have deployed an Inigo agent. You may use the built-in playground or any preferred client to start sending queries.\n\n![10_inigo_aws_appsync_playground.webp](/uploads/10_inigo_aws_appsync_playground_66de0efa20.webp)\n\nAfter making a few requests, you should be able to see your analytic data with [Inigo’s dashboards](https://app.inigo.io).\n\n![11_inigo_aws_appsync_aws_data_home.webp](/uploads/11_inigo_aws_appsync_aws_data_home_6efd9876d7.webp)\n\n![12_inigo_aws_appsync_aws_data_analytics.webp](/uploads/12_inigo_aws_appsync_aws_data_analytics_65309d0fcf.webp)\n\n## Get started with Inigo and AppSync\n\nVisit [Inigo's documentation](https://docs.inigo.io/product/agent_installation/aws_appsync#aws-agent-stack-deployment) for more information on how to get started adding Inigo to your AppSync instance for powerful GraphQL analytics.\n\nYou can [sign up for Inigo](https://app.inigo.io/signup) directly or [schedule a demo](https://inigo.io/demo). The initial setup is free, so you can start gaining in-depth query analytics and performance metrics for your AppSync service without any charge.\n\n\n\n\n\n","short_text":"\u003cp\u003eWe are excited to announce Inigo’s integration with AWS AppSync. This integration allows you to add in-depth GraphQL analytics to your AppSync instance in just a few straightforward steps.\u003c/p\u003e\n","createdAt":"2023-05-30T20:34:48.195Z","updatedAt":"2023-11-14T17:38:58.012Z","publishedAt":"2023-05-30T20:44:15.302Z","path":"inigo_integration_with_aws_appsync","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-05-30","keywords":null,"cover":{"data":{"id":343,"attributes":{"name":"1_inigo_aws_appsync_header.webp","alternativeText":"1_inigo_aws_appsync_header.webp","caption":"1_inigo_aws_appsync_header.webp","width":1400,"height":600,"hash":"1_inigo_aws_appsync_header_4d9d13d449","ext":".webp","mime":"image/webp","size":15.55,"url":"/img/strapi/1_inigo_aws_appsync_header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-05-30T20:29:58.202Z","updatedAt":"2023-09-11T15:20:50.670Z"}}},"related":[]}},{"id":23,"attributes":{"title":"GraphQL in development","author":"Shahar Binyamin","text":"## Overview\n\nAs applications evolve over time, it's essential for their GraphQL APIs to keep pace with these changes. In this blog post, we provide best practices for different aspects of the GraphQL development pipeline, including schema planning, schema checks, and performance optimization.\n\n## Managing schemas\n\nGraphQL was built on the principle that each client should only retrieve the data it requires, effectively addressing the over-fetching issue. This approach anticipates that your API will be consumed by a wide range of clients, so that existing client queries should continue to function properly even as you expand and update your graph.\nIt’s therefore important to determine which changes are permissible and which might break your schema.\n\n### Handling schema-breaking changes\nA schema-breaking in a GraphQL schema is an update that causes the API contract to change in a way that is not backward-compatible. To better understand this concept, let's consider an example.\nImagine you have a simple schema with a single query to fetch a user by ID, which returns a user type containing two fields: id and name. Your business then decides that they want to split the name field into two separate fields: firstName and lastName. You might be tempted to remove the name field and replace it with firstName and lastName, but doing so would break any existing clients relying on the name field.\n```\n# Original schema\ntype User {\n id: ID!\n name: String!\n}\n\n# Breaking change schema\ntype User {\n id: ID!\n firstName: String!\n lastName: String!\n}\n```\nInstead, you can make this change in a backward-compatible manner by using the @deprecated directive. This allows you to indicate that the name field is deprecated in favor of the new firstName and lastName fields.\n```\n# Backward-compatible schema\ntype User {\n id: ID!\n name: String! @deprecated(reason: \"Use firstName and lastName instead\")\n firstName: String!\n lastName: String!\n}\n```\nWhen you need to introduce schema-breaking changes, follow these four steps to minimize their impact: add, deprecate, migrate, and remove. \n\n![development_flow.webp](/uploads/development_flow_6e6ed8fef3.webp)\n\nIn our example, we already added the new fields and deprecated the old one. Now, let's go through the remaining steps:\n\n- **Migrate:** At this stage, it's crucial to update all the clients consuming this API to stop using the deprecated fields and start using the newly added fields. Once this migration is complete, deploy the updated versions of your website and applications.\n- **Remove:** Once you're confident that there are no more clients that are using the deprecated fields anymore, you can safely remove them from the schema. In our example, you would remove the name field from the User type and deploy the new version of the API.\n\nHow can you be confident that no clients are using the deprecated fields anymore? This is where Inigo’s GraphQL Gateway can help. Inigo highlights the usage of each GraphQL object and tags them by client so you get visibility to your APIs usage in depth.\nBy providing insights into usage patterns and real traffic data, developers using Inigo are empowered to plan their schema roadmaps effectively. \n\n### Schema checks\n\nWhile the example shown above assumes that the developer already knows that adding firstName and lastName can potentially break the schema, in other cases, it’s not so clear. This is where GraphQL schema checks can be helpful. GraphQL schema checks help developers identify and prevent breaking changes in the schema, such as field removals or type modifications.\n\nSchema checks for GraphQL are typically implemented by using tools and libraries designed for this purpose, and then integrating them into your development workflow and CI/CD pipeline. Here's an overview of the process:\n1. **Choose a tool or library for schema checking:** there are several popular tools for GraphQL schema checks, such as GraphQL Inspector, Apollo Engine, or Inigo. These tools can compare the current schema with the proposed changes and report any breaking changes or potential issues.\n2. **Implement schema checks in development:** during development, use the tool you chose to validate schema changes locally, ensuring that breaking changes are detected early in the development process. Developers can also use these tools to validate queries and mutations against the schema to guarantee their correctness.\n3. **Integrate schema checks into your CI/CD pipeline:** add schema checks to your continuous integration (CI) and continuous deployment (CD) pipelines. This can be done using plugins, scripts, or pre-built integrations with popular CI/CD platforms like GitHub Actions, GitLab CI, Jenkins, or CircleCI. Whenever code changes are pushed or pull requests are created, the CI system will automatically perform schema checks and report any issues before the code is merged and deployed.\n4. **Monitor and review schema changes:** configure the schema check tool to generate reports, logs, or notifications when breaking changes are detected. This enables your team to review the changes and decide on the best course of action, such as fixing the issue, updating client applications to handle the change, or reverting the change entirely.\n\nLet's consider a scenario where you have an existing GraphQL schema for an e-commerce application, and a developer wants to make changes to the User type. \nHere's the initial schema:\n```\ntype User {\n id: ID!\n name: String\n age: String\n email: String\n}\n```\nThe developer decides to change the age field from a String to an Int. They update the schema as follows:\n```\ntype User {\n id: ID!\n name: String\n age: Int # type used to be String\n email: String\n}\n```\nInigo will alert you to any clients that are still using age as a String.\n\n![illustration_graphql.webp](/uploads/illustration_graphql_e68c9fd0b7.webp)\n\n## Subgraph visibility for different teams \n\nIn GraphQL, subgraph visibility refers to the ability to control access to specific parts of a schema, such as types or fields, based on the client or user's permissions. Managing subgraph visibility is crucial for maintaining data security and privacy in a GraphQL API, as it helps prevent unauthorized access to sensitive data or internal implementation details. To implement subgraph visibility, developers can use a combination of schema directives and custom middleware, such as GraphQL Shield or custom resolvers, to conditionally expose or hide certain parts of the schema based on the client's authorization levels (typically controlled by a security orchestration product).\nWith Inigo, subgraph visibility is built in.\n\n![dropdown_56.webp](/uploads/dropdown_56_f064d186c4.webp)\n\n## Finding performance issues\n\n### Identifying resource-heavy and/or unused objects in schemas\n\nIn GraphQL, identifying resource-heavy queries and types is crucial for optimizing performance and minimizing unnecessary data retrieval. \nSimilarly, identifying unused objects is also important, as it can result in unnecessary costs for data sources in terms of lookup and computation.\nIdentifying these “long-tail” objects typically involves:\n1. **Query logging:** Set up logging for your GraphQL server to capture information about incoming queries, including execution time, response size, and any errors. This data will help you identify slow-performing or resource-intensive queries.\n2. **Query complexity analysis:** Calculate the complexity of each query. A high complexity score may indicate that a query is resource-intensive and may need optimization.\n3. **Monitoring server metrics:** Keep an eye on server metrics like CPU usage, memory consumption, and response time. Spikes in these metrics could signal that certain queries or types are putting excessive strain on your server.\n4. **Field usage tracking:** Identify which fields are frequently requested and which are rarely used.\n\n![analytics (1).webp](/uploads/analytics_1_881accdabb.webp)\n\n## Conclusion\n\nThe growing adoption of GraphQL in production environments highlights the importance of integrating it seamlessly into the development pipeline. As organizations face new challenges, such as schema planning, schema optimization, query monitoring, and [error handling](https://inigo.io/blog/graphql_error_handling), Inigo provides a valuable solution to what would otherwise be unscalable and costly development cycles. \nRather than functioning as a GraphQL server, Inigo offers a comprehensive suite of tools designed to contextualize GraphQL traffic, deliver granular query-level analytics, and ensure that dev teams have all the information they need to maintain a clean and efficient schema.\n\n\n\n","short_text":"\u003cp\u003eAs applications evolve over time, it's essential for their GraphQL APIs to keep pace with these changes.\u003c/p\u003e\n","createdAt":"2023-04-25T04:19:47.948Z","updatedAt":"2023-09-11T15:28:40.803Z","publishedAt":"2023-04-25T04:24:04.872Z","path":"graphql_in_development","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2023-04-24","keywords":null,"cover":{"data":{"id":338,"attributes":{"name":"graphql_in_development.webp","alternativeText":"graphql_in_development.webp","caption":"graphql_in_development.webp","width":1400,"height":600,"hash":"graphql_in_development_ad3408ab5b","ext":".webp","mime":"image/webp","size":27.18,"url":"/img/strapi/graphql_in_development.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-04-25T04:21:55.597Z","updatedAt":"2023-12-27T17:55:54.911Z"}}},"related":[]}},{"id":22,"attributes":{"title":"Expedite your GraphQL roadmap by making it enterprise-ready from day one","author":"Shahar Binyamin","text":"## Overview\n\nThe enterprise path to full-fledged GraphQL adoption in production —and API modernization at scale—often begins with a single developer or a single API in the journey of digital transformation.\n\nThat developer recognizes the advantages of the GraphQL open source API query language for workflow efficiency, and begins championing it within the organization. If you’re reading this, you may be that champion.\n\nYou understand GraphQL’s vast potential to accelerate application development and expedite roadmaps. You’re the one telling every colleague you can how GraphQL allows applications to collect all required data within a singular API request, and how GraphQl can do that with speed and control that REST APIs can’t match.\n\nIf you find yourself in this champion role, however, you may have also already encountered a few all-too-common roadblocks to your ideal GraphQL adoption roadmap. For those newer to GraphQL, here are some obstacles you might come across—and how to navigate them.\n\n## Obstacle #1 for GraphQL champions: the myth that “GraphQL is not mature enough for enterprises”\n\nFirst of all, starting out with GraphQL isn’t the hard part. Developers can deploy a GraphQL server and get going pretty darn easily. The harder challenge is winning organizational buy-in and standing up a stable, secure, and enduring enterprise-grade implementation.\n\nAn early obstacle to enterprise GraphQL adoption—which its champions must address head-on—is the perception that it isn’t ready for primetime. Skeptical stakeholders within your organization may claim that GraphQL isn’t mature enough for enterprise use cases. If you deploy GraphQL in a haphazard and unsustainable manner that also makes it an easy target for hackers, you’re all but doomed to failure. It’s dangerous to the future of GraphQL at your organization if you end up making the skeptics look like they’re right. That’s why it’s crucial it deploy GraphQL with a strong and secure foundation from day one. And that’s completely doable.\n\nThe truth is that GraphQL is mature enough for production in large enterprises and is already deployed in large production environments across the biggest and most data-intensive companies in the world (Meta, Rakuten, PayPal, Lyft, KLM, Starbucks, Shopify, the list goes on). Champions can answer skeptics by demonstrating that enterprise-grade, purpose-built GraphQL tooling and expert support are available to guide a seamless deployment and allow the development team to hit the ground running toward their GraphQL goals. This is why we built Inigo; our one-stop-shop GraphQL management gateway eliminates the learning curve to managing a secure enterprise GraphQL deployment.\n\n## Obstacle #2 for GraphQL champions: the myth that it’s “too early to add enterprise support”\n\nIt’s a frustrating catch-22 for champions: while some skeptics accuse GraphQL of not being enterprise-ready, other stakeholders will say it’s too early to invest in GraphQL management, security, and support because the organization has yet to use it much. \n\nChampions need to deliver this message: it’s never too early to apply GraphQL best practices and doing so from the beginning pays dividends in the long term. Implementing best practices in a greenfield environment means fully benefitting from efficient operations, secure access control and visibility, granular analytics and BI insights, schema planning, API lifecycle tools, and an improved developer experience from the start. In contrast, aligning brownfield deployments with GraphQL best practices often means fixing thorny legacy issues—such as access controls hard-coded into servers and resolvers—which can be harder to deal with. You would never hear that it’s too early to use Jira in the development process. it’s given that you want everything there from day one. Similarly, the sooner an enterprise starts with GraphQL best practices for workflow management and security, the easier it is to operate and scale, and the more inisghts you have to optimize your schema and design things right from the start. \n\n## Explore Inigo\n\nGraphQL champions know that their enterprises are ready to harness GraphQL, and that they should highlight the right complementary tooling to help make their case and convince stakeholders. With Inigo, enterprises gain the visibility to operate GraphQL seamlessly, and the security to operate it safely and with confidence. The Inigo platform also removes obstacles to GraphQL adoption, eliminating unknowns to make migration quicker and easier while expediting GraphQL’s (many) benefits.\n\n## Developers Use Inigo for: GraphQL Visibility\n \n![Developers Use Inigo for GraphQL Visibility.webp](/uploads/Developers_Use_Inigo_for_Graph_QL_Visibility_c048c5d015.webp)\n\nSeeing is believing, and visibility into GraphQL data is critical to ensure success and find any issues before they become…big issues. For both at-a-glance visibility into GraphQL deployments and granular deep dives, the Inigo platform delivers. A health dashboard details any server error breakdowns, with a complete view of service and subgraph states. The dashboard is built to enable developers to take quick action when needed.\n \nWhile standard monitoring tools overlook GraphQL query insights—and the valuable business intelligence those insights hold—the Inigo platform is built for query-level analytics. Developers get a uniquely in-depth understanding of their GraphQL usage (at scale) through detailed insights into the field level, query paths, and server health, among other metrics.\n\n## Developers Use Inigo for: GraphQL Planning\n \n![Developers Use Inigo for GraphQL Planning.webp](/uploads/Developers_Use_Inigo_for_Graph_QL_Planning_a96a246340.webp)\n\nInigo takes the guesswork (and time) out of GraphQL planning. Straightforward schema navigation enables developers to quickly identify, review, and share schema version differences, and also flag any deprecated and tagged fields. The platform’s heatmap of GraphQL usage—with real traffic data—is critical for gathering unique BI that drives more effective and efficient planning.\n \nAs the API lifecycle progresses, Inigo gives developers the tools they need to be well-prepared for schema changes and field deprecation with absolute minimal (and often zero) impact to the customer experience. Inigo’s gateway inspects changes and compares them against real traffic, instantly alerting developers to any API outages.\n\n## Developers Use Inigo for: GraphQL Security\n \n \n![Developers Use Inigo for GraphQL Security.webp](/uploads/Developers_Use_Inigo_for_Graph_QL_Security_9f121c3a21.webp)\n\nAll of GraphQL’s productivity, developer experience, and availability gains fall apart if security can’t keep up. Inigo protects GraphQL environments from spec abuse with query-level protections that thwart DoS attacks and provide real-time protection against data tampering, malicious traffic, and slow (or unresponsive) API responses.\n \nObject-level rate limiting is critical for GraphQL security, and Inigo achieves this by counting each query’s requested objects and returned objects against a time frame limit (such as 1000 objects per minute). Developers using object-based rate limiting know that their servers will be protected against potential performance degradation while still allowing for flexible and efficient API use.\n \nLastly, one of the biggest developer misconceptions around GraphQL security is that you need to disable introspection. [You don’t](https://inigo.io/blog/you-dont-need-to-disable-introspection). Inigo’s schema-based access control is built with introspection separation, so access control can be completely enforced at the edge. Users only get schema visibility to pre-allowed operations, types, and fields.\n \n## Is Inigo right for me?\n \nBecause Inigo uses a traffic-based pricing model and costs nothing to install, champions can explore Inigo and demonstrate its benefits on dev environments practically for free. Champions should also showcase how Inigo delivers a huge ROI by eliminating the need to hire top-tier GraphQL talent. With Inigo, there’s no need for enterprises to wait to deploy GraphQL, no huge budget expenditures, and no need to hire in-house experts to take advantage of an expertly managed and secured GraphQL deployment.\n","short_text":"\u003cp\u003eThe enterprise path to full-fledged GraphQL adoption in production —and API modernization at scale—often begins with a single developer or a single API in the journey of digital transformation.\u003c/p\u003e\n","createdAt":"2023-04-03T21:08:35.021Z","updatedAt":"2023-09-12T15:08:34.919Z","publishedAt":"2023-04-04T03:56:09.854Z","path":"expedite_graphql_roadmap","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2023-04-04","keywords":null,"cover":{"data":{"id":320,"attributes":{"name":"Expedite Your GraphQL Roadmap.webp","alternativeText":"Expedite Your GraphQL Roadmap.webp","caption":"Expedite Your GraphQL Roadmap.webp","width":1400,"height":600,"hash":"Expedite_Your_Graph_QL_Roadmap_c0fea1f2ec","ext":".webp","mime":"image/webp","size":9.29,"url":"/img/strapi/Expedite_Your_GraphQL_Roadmap.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-04-03T21:20:11.038Z","updatedAt":"2023-09-12T15:08:34.204Z"}}},"related":[]}},{"id":21,"attributes":{"title":"Harnessing Materialized Views and ClickHouse for High-Performance Analytics","author":"Ruslan Shcherbin","text":"## Overview\nAt Inigo, we were seeking a database solution that could handle a high volume of raw data for analytics. After exploring various alternatives, including SQLite, Snowflake, PostgreSQL, we decided to experiment with Materialized Views using ClickHouse on a relatively slow machine. In this post, we share our findings after loading billions of rows of data and conducting measurements.\n\n## Database Alternatives Considered\nBefore arriving at ClickHouse, we tried several other databases:\n1. Snowflake - too slow and costly for our needs. While it performs well for processing in-house data, it becomes quite expensive when handling real-time customer data within a product, which negatively impacts the product's unit economics. The lack of a local Snowflake emulator further complicates development, as it prevents running continuous unit tests against the database. Additionally, the user interface did not align with our preferred database usage. Since each service had its own separate table, we had to obtain and hardcode table names in the UI. This made it impossible to retrieve data from all tables using a single query in the user interface.\n2. PostgreSQL - An excellent database, but its transactional nature made it unsuitable for large analytic workloads. We were able to get it to work with around 100K rows, but past that, the indexes were growing out of control and the cost of running a Postgres cluster didn’t make sense.\n\n## What is ClickHouse?\nClickhouse is a columnar database specifically designed to handle high volumes of data while providing fast query execution. Materialized views in Clickhouse serve as pre-aggregated datasets that can significantly improve the performance of analytical queries. Furthermore, Clickhouse's ability to automatically manage and update materialized views as new data is ingested simplifies the maintenance process, making it an attractive choice for those seeking an efficient and powerful analytical database solution.\n\n## Why Clickhouse\nWe ended up choosing Clickhouse for its general high performance, ability to handle large scale, and ability to run it locally for testing purposes.\n\n## Inigo’s ClickHouse Setup\nOur current ClickHouse setup is a single database where nearly every Inigo service has its own table, with some tables containing billions of rows of data. It runs on 4 vCPUs, 32GB RAM for the development environment and 16 vCPUs, 128GB RAM for the production environment. \nSetting up ClickHouse was challenging, as understanding the nuances of each index, sharding, and materialized views required considerable effort. However, the end result has been a system capable of loading and querying vast amounts of analytics data in a scalable manner, both in terms of hardware cost and engineering development time.\n\n## Materialized Views in ClickHouse\nGiven that we have billions of rows in some of our raw tables, we strive to minimize joins whenever possible. Instead, we have consolidated the data into several materialized views, each grouping the data into distinct time window buckets. As a result, most of the time, we are querying thousands of aggregated rows instead of millions of raw data rows, resulting in faster real-time filtering.\n\n### Creating materialized views\nOur raw tables all contain a timestamp column observed_at.\nWe then aggregate the data rows into specified intervals for the materialized tables. For example, if the interval is 1 minute, we use the toStartOfInterval(observed_at, INTERVAL 1 minute) function to aggregate data into one minute intervals. Each row in the materialized views contains several raw data values, all corresponding to a particular minute based on the observed_at column.\nBy creating materialized views with different intervals, such as 6 minutes, 40 minutes, and 3 hours, we can further enhance query performance and enable more efficient data analysis across various timeframes.\n\nWe exclude all columns containing unique data, such as trace_id, from materialized views. When we need to filter by trace_id, we query the raw data. It is worth noting that raw data queries are reasonably quick in Clickhouse, as Clickhouse can efficiently sift through a large number of rows in real-time using the appropriate index for each column.\n\n### Grouping data\nIn our analytics, we primarily use grouped queries to obtain data. Standard queries and materialized view queries use the same SQL files, but there is a slight modification in the way they handle counting. Instead of using count(1) to count the rows, materialized view queries use sum(calls) with a derived column named calls. The column calls is created by using count(1) as calls in the materialized view definition. This change allows us to aggregate the count of rows from the materialized view, resulting in more efficient querying and better performance.\n\n### Merge and State Suffix\nIn Clickhouse, the State and Merge suffixes are used with aggregation functions to handle intermediate aggregation states and merge them efficiently. These suffixes are particularly useful when working with distributed databases or when we need to combine aggregated results from multiple sources.\n\n- The State suffix: The aggregation functions with the State suffix return an intermediate aggregation state rather than the final result. These intermediate states are stored in a compact binary format that represents the aggregation in progress.\n\nFor example, if we want to calculate the 95th (0.95) and 99th (0.99) percentiles of a column called server_process_time, we can use the quantilesState(value) function. This function returns the intermediate state of the quantiles calculation, which we can store in a separate table or combine with other intermediate states.\n\n- The Merge suffix: The aggregation functions with the Merge suffix take the intermediate aggregation states produced by their corresponding State functions and merge them to produce the final aggregation result. This is useful when we have multiple intermediate states that we need to combine into a single aggregated result.\n\nFor instance, to obtain the 99th percentile of the aggregated server_process_time, we would use quantileMerge(0.99)(quantiles_server_process_time), where quantiles_server_process_time is the intermediate state resulting from the quantilesState function.\n\n## Results\nBy leveraging Materialized Views and ClickHouse, we achieved the following:\n\n1. The database is now faster than our Golang code, allowing us to use pooling and improving our UI responsiveness.\n2. Confidence in query speed, enabling us to identify issues outside the database, such as in tracing extensions.\n\nThe scalability of this solution depends on various factors, including the scaling setup. ClickHouse officially offers a cloud service with 720 GiB RAM, 180 vCPU, and 10 TB of data, indicating its potential for handling significant workloads. However, we have been able to easily scale to 1B rows and still growing.\n\n## Conclusion\nWhile ClickHouse does have limitations, such as the absence of transactions and potential inaccuracies in Materialized Views, these drawbacks are minor for our analytics use case. Overall, ClickHouse, when paired with Materialized Views, has proven to be an excellent solution for handling large-scale analytics data with impressive performance and scalability.\n","short_text":"\u003cp\u003eIn this post, we share our findings after loading billions of rows of data and conducting measurements.\u003c/p\u003e\n","createdAt":"2023-03-30T06:16:33.231Z","updatedAt":"2023-09-12T15:08:49.578Z","publishedAt":"2023-03-30T06:18:03.864Z","path":"materialized_views_and_clickhouse","author_twitter":"https://twitter.com/Inigo_GraphQL","date":"2023-03-29","keywords":null,"cover":{"data":{"id":316,"attributes":{"name":"Harnessing Materialized Views and ClickHouse for High-Performance Analytics.webp","alternativeText":"Harnessing Materialized Views and ClickHouse for High-Performance Analytics","caption":"Harnessing Materialized Views and ClickHouse for High-Performance Analytics.webp","width":1400,"height":600,"hash":"Harnessing_Materialized_Views_and_Click_House_for_High_Performance_Analytics_e5a5019429","ext":".webp","mime":"image/webp","size":23.07,"url":"/img/strapi/Harnessing_Materialized_Views_and_ClickHouse_for_High-Performance_Analytics.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-03-30T06:17:49.106Z","updatedAt":"2023-09-12T15:08:48.912Z"}}},"related":[]}},{"id":20,"attributes":{"title":"Are Your Developers Using GraphQL Without Your Knowledge?","author":"Shahar Binyamin","text":"## Overview\nYour organization could be running GraphQL right now…and you might not even know it. As a platform lead responsible for optimized operations, or a security operations person responsible for security of the environment, that’s not exactly a sleep-well-at-night scenario. It’s relatively simple for a lone developer to deploy GraphQL and, while you have no idea it’s happening, they almost certainly have no idea how to manage and secure GraphQL APIs.\n\nDevelopers tend to prioritize efficiency and speed over security. These priorities have been the main drivers of GraphQL adoption (see, for example, [PayPal’s GraphQL adoption story](https://medium.com/paypal-tech/graphql-at-paypal-an-adoption-story-b7e01175f2b7)). The reasons are clear: GraphQL enables faster release of new versions to clients, easier API integration, easier testing, and an overall better developer experience. But while GraphQL increases developer productivity and improves end-user experiences, it is also a paradigm shift for platform teams who must ensure security and availability. \n\nDevelopers’ priorities frequently conflict with those of platform teams. That’s not unique to GraphQL, but the difference is that when that happens with GraphQL, your existing web application gateway or other gateways won’t raise a red flag. A GraphQL server offering paths for attackers to expose data, or loading extremely resource-heavy burdens on your platform, could already be running and you would not know it because you will only see “200 OK” response codes (see why in our blog on [GraphQL error handling](https://inigo.io/blog/graphql_error_handling)). \n\nShould you be worried about using GraphQL? Not at all, if you have the right tools and safeguards in place: deep analytics, tight access controls, and granular visibility into how GraphQL APIs use your resources. Without these, you cannot guarantee your SLAs and you certainly cannot meet compliance requirements because your GraphQL APIs would be exposed to [injection attacks](https://inigo.io/blog/graphql_injection_attacks), [vulnerabilities](https://inigo.io/blog/analysis_of_public_graphql_vulnerability_reports), and other kinds of attacks we discuss in other [blogs](https://inigo.io/blog). \n\nGraphQL rewards organizations that implement best practices and place controls as early as possible. Getting GraphQL management and security right within a greenfield environment is far simpler than undoing hardcoded mistakes in legacy deployments later. It’s why we’ve built out all the GraphQL-specific capabilities required for platform teams and developers to benefit from a secure, resource-efficient, easily scalable GraphQL deployment from the start (and the visibility to know if your developers have, well, started without you).\n\nPlatform teams managing GraphQL should have these capabilities in place from Day One, or as soon as possible:\n\n## Access control\n\nGraphQL access control is an essential Day One feature, but requires strategy and forethought. Going down the wrong path can lead to hairy situations, such as introducing overly-specific code inside resolvers and servers that becomes a challenge to remove. Deploying Inigo’s solution to get access control right from the start means avoiding major headaches in the future. \n\nMany platform teams are also led astray by the [false advice to disable introspection](https://inigo.io/blog/you-dont-need-to-disable-introspection). Inigo’s schema-based access control features RBAC introspection separation to enforce access control at the edge and limits users’ visibility to the correct operations, types, and fields. GraphQL resolvers stay clean and tight, with complex code logic replaced by easily managed role-based declarative configurations. Query-level audit trails, data leak protection with PII detection, and remediation alerts ensure proper governance that aligns with compliance mandates.\n\n## Schema planning\n\nGraphQL schema planning must be part of the development and API lifecycle from the onset in order to identify errors and protect against production failures that would cause degradation in service levels (and put SLA commitments at risk). Optimized schema planning is key not only to guaranteeing SLAs and reducing costs, but to the broader goals of API modernization. Using GraphQL without proper schema planning could results in poor results, causing your management to assume that GraphQL isn’t mature enough, rather than supporting your team in the process. Inigo’s enterprise-grade tools solve this issue by equipping platform teams and developers with access to real traffic usage data and unique business intelligence—enabling strong foundational and future schema planning. Teams see all their APIs and all the queries in depth, for ongoing control and schema optimization. \n\n## Federated subgraph visibility\n\nIf GraphQL does take root in your organization—but grows into a brownfield deployment with a federated graph before the platform team implements the right visibility tooling—you’ll need some extra help. A federated graph combines multiple subgraphs to expose a singular data graph via an API. Unfortunately for unprepared organizations, reaching this point means that the platform team has no visibility into what traffic goes to which subgraph within this federated architecture. When an issue occurs, such as slow performance or resource-gobbling server behavior, the team can’t see the cause or have the right information for resource allocation discussions. Tapping Inigo provides a clear breakdown of the resources, data, and load among federated subgraphs, making it simple to sort out otherwise painful issues.\n\n## Help your developers help themselves\n\nFor platform teams, developers that lack the tools to solve their own issues can be the biggest nightmare of all. Providing each developer with well-configured access control to address their own needs keeps issues off of the platform team’s plate. At the same time, powerful visibility allows platform teams to quickly solve any issues they do need to address. With Inigo, platform teams can eliminate friction with dev teams and ease the organizational learning curve toward secure and optimized GraphQL adoption, applying expertise from day one without needing to become GraphQL experts.\n","short_text":"\u003cp\u003eYour organization could be running GraphQL right now…and you might not even know it.\u003c/p\u003e\n","createdAt":"2023-03-14T21:21:47.832Z","updatedAt":"2023-09-12T15:08:19.783Z","publishedAt":"2023-03-14T21:26:20.987Z","path":"unmanaged_graphql_apis_platform_secops","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-03-14","keywords":null,"cover":{"data":{"id":314,"attributes":{"name":"Are Your Developers Using GraphQL Without Your Knowledge.webp","alternativeText":"Are Your Developers Using GraphQL Without Your Knowledge.webp","caption":"Are Your Developers Using GraphQL Without Your Knowledge.webp","width":1400,"height":600,"hash":"Are_Your_Developers_Using_Graph_QL_Without_Your_Knowledge_85baab7268","ext":".webp","mime":"image/webp","size":27.1,"url":"/img/strapi/Are_Your_Developers_Using_GraphQL_Without_Your_Knowledge.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-03-14T21:26:16.072Z","updatedAt":"2023-09-12T15:08:19.015Z"}}},"related":[]}},{"id":19,"attributes":{"title":"GraphQL Error Handling","author":"Shahar Binyamin","text":"[![Protect your GraphQL](/uploads/Banner_Protect_your_Graph_QL_7784492908.png)](https://landing.inigo.io/demo)\n\n## Overview\nFor those coming from the world of REST/HTTPs APIs, GraphQL’s error handling paradigm can feel undisciplined and inconsistent. **Unlike in REST/HTTP APIs, where error handling is based on status codes returned by the API, GraphQL request are always made using the same `/graphql` url and always return a 200 OK response**. Instead of being signalled via status codes, errors reside inside the response payload, alongside any data returned.\n\nThis makes GraphQL error handling a blind spot for most engineers and security teams. Standard WAFs will generally only look at HTTP headers; thus with GraphQL they are unable to contextualize and differentiate between:\n\n- Successful calls \n- Server errors\n- Rate limiting\n- Operation errors\n- Authorization errors\n- Subgraph owner\n\nAdditionally, there is little visibility when mission-critical objects and mutations, like purchase orders, fail. In this blog post, we cover some of the top problems with GraphQL’s default error handling, some best practice solutions, and how Inigo can help elevate GraphQL errors so they are quickly handled by the proper team.\n\n## Error Handling in GraphQL\nGraphQL is transport agnostic, which means that it does not rely on the underlying transport mechanism used to transmit data between the client and the server. GraphQL APIs can use Web Sockets instead of HTTP for client-server communication if it suits the use case. As a result, GraphQL APIs do not rely on HTTP methods like GET, PUT, and POST, nor are HTTP status codes relevant. \n\nIn GraphQL, errors are returned as part of the server responses from the server. When an error occurs, the server returns a response with an `errors` field that contains information about the error. Clients can determine whether the request was successful or not by looking at this errors field. \n\n\n### Example 1:\nHere is an example of a GraphQL response with an error:\n```\n{\n \"data\": {\n \"createUser\": null\n },\n \"errors\": [\n {\n \"message\": \"Email already in use\",\n \"locations\": [\n {\n \"line\": 2,\n \"column\": 3\n }\n ],\n \"path\": [\n \"createUser\"\n ]\n }\n ]\n}\n```\n\nIn the above example, the errors field in the response is an array of errors. Each error contains three fields:\n\n- **Message:** Provides a description of the error\n- **Location:** Indicates where in the query the error occurred\n- **Path:** Indicates which field in the query caused the error\n\nIn this case, the error message \"Email already in use\" indicates that the email address specified in the `createUser` mutation is already in use by another user.\n\nIn addition to the above three fields, there is an `extensions` field that can be used to add extra information about the error.\n\n### Example 2:\nThe following mutation should result in the creation of a user:\n```\nmutation {\n createUser(name: \"XYZ\", email: \"xyz@abc.com\") {\n\t name, \n\t email,\n\t password\n }\n}\n```\n\nThe mutation results in the following response:\n```\n{ \"errors\": [ {\n \"message\": \"Cannot query field \\\"password\\\" on type \\\"User\\\".\", \n \"locations\": [ { \"line\": 5, \"column\": 6 } ], \n \"extensions\": { \n \"code\": \"GRAPHQL_VALIDATION_FAILED\", \n \"stacktrace\": [ \n \"GraphQLError: Cannot query field \\\"password\\\" on type \\\"User\\\".\", \" at Object.Field (/my_project/node_modules/graphql/validation/rules/FieldsOnCorrectTypeRule.js:48:31)\", \" ...additional lines...\" \n ] \n } \n} ] }\n```\n\nNote that the path element is missing from the error object because, unlike the error in Example 1, this error is raised before execution. These are commonly referred to as request errors, and they include parsing and validation failures. Since this mutation was run on an Apollo server, the error extensions are specific to Apollo’s implementation. These may be different when using other GraphQL implementations. \n\n## Problems with GraphQL's Error Handling\nAs you can see, GraphQL's error-handling mechanismis substantially different from how we are accustomed to dealing with errors. As a result, GraphQL error handling presents several challenges:\n\n### Difficult to parse\nA GraphQL response may contain both data and errors. The presence of errors does not imply the absence of data. In the absence of errors, the errors key is absent from the response.\n\nIn the following snippet, for example, if you merely parse the errors key and assume the entire response is erroneous, you will miss out on the partial data returned.\n```\n{\n \"data\": {\n\t \"user\": {\n\t \"name\": \"Inspector Spacetime\",\n\t \"userFriends\": [{\n\t\t \"id\": 1,\n\t\t \"name\": \"Constable Reggie\"\n\t }, {\n\t\t \"id\": 2,\n\t\t \"name\": null\n\t }]\n\t } \n },\n \"errors\": [{\n\t \"message\": \"Could not fetch name of friend \"\n\t \"locations\": [{\n\t\t \"line\": 2,\n\t\t \"column\": 5\n\t }],\n\t \"path\": [\n\t \"user\", \"userFriends\", 1, \"name\"\n\t ]\n }]\n}\n```\n### No standard format\nDifferent GraphQL implementations might report errors in different formats, or utilize different error-handling conventions, making it difficult for a standard API gateway to parse.\n\nThe following is an erroneous response for failed validation in Hasura:\n```\n{\n \"errors\": [{\n \"extensions\": {\n \"path\": \"$.selectionSet.users.selectionSet.name\",\n \"code\": \"validation-failed\"\n },\n \"message\": \"field \\\"name\\\" not found in type: 'users'\"\n }]\n}\n```\nThe following is an erroneous response for failed validation in Apollo:\n```\n{ \n \"errors\": [{ \n\t\"message\": \"Cannot query field \\\"name\\\" on type \\\"User\\\".\", \n\t\"locations\": [{ \n\t \"line\": 2, \n\t \"column\": 3\n\t}], \n\t\"extensions\": {\n\t \"code\": \"GRAPHQL_VALIDATION_FAILED\", \n\t \"exception\": { \n\t \"stacktrace\": [\n\t \"GraphQLError: Cannot query field \\\"name\\\" on type \\\"User\\\".\", \"...additional lines...\" \n\t ]} \n\t} \n}], \n\"data\": null \n}\n```\nIt's always a good idea to consult the documentation for the specific implementation you are using for more information on error handling.\n\n### Hard to differentiate\n\nA GraphQL response may be the result of many requests to distinct data sources. Certain fields may fail due to a lack of authorization, while others may fail due to faulty validation, and we may only obtain a partial response for the remainder. The `errors` list might contain a wide range of errors, making it difficult for the client to handle and respond.\n\nHere's an example of multiple errors being returned in response to a query:\n```\n{\n \"errors\": [\n {\n \"message\": \"The provided argument value '9999999999' is invalid for the input argument 'id' on field 'node' of type 'ID'.\",\n \"locations\": [\n {\n \"line\": 2,\n \"column\": 3\n }\n ],\n \"path\": [\n \"query\",\n \"node\"\n ],\n \"extensions\": {\n \"code\": \"GRAPHQL_VALIDATION_FAILED\",\n \"field\": \"id\"\n }\n },\n {\n \"message\": \"Access Denied\",\n \"locations\": [\n {\n \"line\": 6,\n \"column\": 3\n }\n ],\n \"path\": [\n \"query\",\n \"customerAccessTokenCreate\"\n ],\n \"extensions\": {\n \"code\": \"ACCESS_DENIED\"\n }\n }\n ]\n}\n```\nIn this example, the HTTP status code is 200 OK, but the response body includes two error objects in the errors key. The first error object indicates that the provided value for the \"id\" argument on the \"node\" field is invalid. The second error object indicates that access was denied when attempting to create a customer access token.\n\n### No prioritization of business-critical errors\nThis last example demonstrates how multiple errors might be returned in a GraphQL response. In addition to being difficult to distinguish, multiple errors are also difficult to prioritize. \n\nIn some cases, a `data not found` error may be for a single item in the list, which may not affect the client and would be safe to disregard. In another scenario, even if partial data is received, it might make sense to regard the full response as erroneous. Prioritizing distinct error types and creating a hierarchy is therefore difficult to accomplish with GraphQL. It is also important to be able to distinguish and prioritize handling of business-critical errors, for instance, those involving payments.\n\n### Disclosure of sensitive information\nField recommendations in the error message may reveal sensitive information or expose unexpected functionality that is not intended to be utilized by clients, such as fields that allow clients to manipulate resources or execute arbitrary code. This information might then be used in “fuzzing” attacks executed on the server.\n\nThe following is a query that requests product categories:\n```\nquery {\n searchCategories {\n name\n description\n }\n}\n```\nThe server returns the following response:\n```\n{\n\t\"errors\": [\n \t{\n \"message\": \"Cannot query field \\\"searchCategories\\\" on type \\\"Query\\\". Did you mean \\\"searchUsers\\\" or \\\"searchRoles\\\"?\",\n \"locations\": [{\n \t\t\"line\": 144,\n \t\t\"column\": 3\n\t\t\t}]\n\t\t}\n ]\n}\n```\nThe response reveals functionality and exposes sensitive information to the client, thus putting the application (and data) at risk.\n\n### Hard to debug errors in subgraphs\nA federated GraphQL architecture refers to a way of organizing a GraphQL API as a network of independent GraphQL services that work together to provide a single, unified GraphQL API. Each of the independent GraphQL APIs are known as subgraphs. A router API is exposed to the client in such an architecture and requests are routed by the router to the subgraph that can resolve the query or fields of the query.\n\n![API Gateway are blind to GraphQL Federated](/uploads/API_Gateway_are_blind_to_Graph_QL_Federated_3674bebe0a.webp)\n\nIn the context of error handling, a federated GraphQL architecture can be confusing. Each service subgraph may return different error messages, making it more difficult to understand the overall context of the errors and their relationships to the original queries.\n\nFor example, let's say we have two subgraphs - customer subgraph and a product subgraph, and there is an error while querying a customerInfo field. The following is a snippet of the error received:\n```\n{\n \"errors\": [\n {\n \"message\": \"Internal server error\",\n \"path\": [\"customerInfo\"]\n }\n ]\n}\n```\nThis error message provides very little information about what went wrong and why the user is unable to retrieve their customer information. In some cases, tracing an error like this in a subgraph can be very time-consuming and require a deep understanding of the underlying architecture. \n\n## Best Practices for Error Handling\nError handling and debugging may be difficult for GraphQL APIs, but there are industry-wide practices and approaches that can help us deal with them more effectively. Some of the solutions to the problems we discussed above are as follows:\n\n### Write custom error handling middleware\nSince all errors in GraphQL result in a 200 status code, in order to provide “HTTP-readable” errors to the client, a developer might write custom error handling middleware that intercepts all errors before they are returned to the client. This middleware categorizes each error based on its type and then translates it into a readable error message.\n\nThe following is an example of custom error handler for a GraphQL server:\n```\ncustomErrorHandler = (err, req, res, next) =\u003e {\n const error = formatError(err);\n const { message, locations, path, extensions } = error;\n\n let statusCode = 500;\n let errorType = 'INTERNAL_SERVER_ERROR';\n let errorMessage = 'Internal server error. Please try again later.';\n\n if (extensions \u0026\u0026 extensions.exception) {\n const { name } = extensions.exception;\n\n if (name === 'ValidationError') {\n statusCode = 400;\n errorType = 'VALIDATION_ERROR';\n errorMessage = 'Invalid input. Please provide valid data for the following fields:';\n }\n }\n\n const response = {\n errorType,\n message: errorMessage,\n locations,\n path,\n };\n\n res.status(statusCode).json(response);\n};\n\nconst app = express();\napp.use('/graphql', graphqlHTTP({\n schema,\n rootValue,\n customErrorHandler,\n graphiql: true\n}));\n\napp.listen(4000, () =\u003e {\n console.log('Running a GraphQL API server at localhost:4000/graphql');\n});\n```\nThis middleware intercepts GraphQL errors and categorizes them based on their name. In addition to categorization by name, you can also categorize them by:\n- **Error location:** You can categorize errors based on where they occurred in the query or mutation. For example, you can categorize errors by the name of the field or argument that caused the error. \n- **Error severity:** You can classify errors based on their severity level, such as critical errors that prevent the server from processing the request, or non-critical errors that don't affect the functionality of the application.\n- **Error source:** You can categorize errors based on their source, such as server-side errors or client-side errors. This can help you identify whether the error was caused by your server, your client, or a third-party service.\n- **Error type:** You can classify errors based on their type, such as validation errors, authorization errors, or input errors.\n\nYou can also write custom error handlers to hide native GraphQL error messages that should not be seen by the client. For example, error messages in GraphQL often contain field suggestions which might be exploited later:\n```\n{\n \"errors\": [\n {\n \"message\": \"Cannot query field \\\"hellooo\\\" on type \\\"Query\\\". Did you mean \\\"hello\\\"?\",\n \"locations\": [\n {\n \"line\": 33,\n \"column\": 3\n }\n ]\n }\n ]\n}\n```\nThese sorts of error messages can be masked via a custom error formatting function as below:\n```\nconst customFormatErrorFn = (error) =\u003e {\n if (error.message.startsWith(\"Cannot query\")) {\n return {\n message: \"Invalid request\"\n };\n }\n return error\n};\n```\n\n### Treating errors as data\n\nAn alternative to the custom middleware approach is to use the “data as errors” approach. In the “data as errors” approach, error handling is baked into the GraphQL schema. You define different response types for when a response is successful and when it’s not. For example, say we are designing a GraphQL API for fetching books for a library catalog:\n```\ntype Book {\n id: Id!\n title: String! \n}\n\n\ntype NotFound\n{\n message: String!\n\n}\n\ntype Overdue\n{\n message: String!\n lateFee: Float\n}\n```\nYou can use a **union type** to represent all possibilities of the response:\n```\nunion BookResult = Book | NotFound | Overdue\n\ntype Mutation {\n bookResult(id: Id!): BookResult\n}\n```\nA client may then query for books based on the different states returned by the book result:\n``` \n{\n bookResult(id: 1) {\n __typename\n ... on Book {\n id\n title\n }\n ... on NotFound {\n message\n }\n ... on Overdue {\n message,\n lateFee\n }\n}\n```\nBy modeling the errors in the schema itself, you leave it to the client handle the ones that are important.\n\n### Disable debug mode in production\n\nDev Mode, supported in some GraphQL implementations but not all, provides a lot of helpful information for developers during the development and testing phase, such as detailed error messages and a comprehensive list of available fields and arguments. However, it is generally recommended to disable dev mode in production since it can expose sensitive information about your GraphQL API, such as the structure of your database, server configuration details, and API keys, to potential attackers. \n\n### Avoiding leakage of sensitive information through errors\nIt is recommended to limit the amount of information returned in error messages and include only the minimum amount of information necessary to identify the error and help developers debug it. You’d certainly want to avoid including sensitive information such as database queries, user information, or system configuration details.\n\n### Configuring proper alerts and triggers for mission-critical business errors\nSeveral critical business errors, if not rectified, have the ability to completely derail the system. Purchase orders, for example, are mission-critical objects and mutations that cannot fail, and when they do, unless there is sufficient error escalation and alerting in place, these mistakes might be missed, delaying redressal. In such situations, it is crucial that an event is triggered to alert the team responsible immediately.\n\n### Improve traceability for subgraphs\nIt is best practice for each subgraph to log errors to a centralized logging system that aggregates logs from all the subgraphs. You can use log aggregation tools that provide error alerts and analysis to help you identify trends and patterns. It is also important to set up monitoring and have alerts configured to notify subgraph teams when an error occurs. It is critical to offer an internal key to the subgraph without disclosing too much information externally.\n\n## How Inigo can help\nCompanies are increasingly implementing GraphQL in their production environments. With this growth comes a new set of challenges, including how to secure GraphQL, analyze blind spots, and gain visibility into GraphQL traffic and errors. This is where Inigo comes in.\n\nInigo is not a GraphQL server. Instead, it offers a comprehensive set of tools to contextualize GraphQL traffic, provide granular query-level analytics, and elevate errors to the appropriate team. \n\nFor example, on the Inigo dashboard, you’re able to see all of the queries and errors coming into and going out of your GraphQL setup. These errors are likely returning a 200 status code, which means that if you're using a standard API gateway, you have little visibility into them.\n\n![Top Errors.webp](/uploads/Top_Errors_18fcca0bf1.webp)\n\nYou’re also able to filter queries based on whether they responded with an error:\n\n![Explore queries with errors.webp](/uploads/Explore_queries_with_errors_64e01a0040.webp)\n\nThese errors are categorized/labeled, and you can dig into them:\n\n![Explore Detailed Query.webp](/uploads/Explore_Detailed_Query_121d4e085c.webp)\n\nAdditionally, Inigo makes it easier to implement GraphQL error handling best practices, for example, by blocking errors that contain PII, or by allowing users to automatically configure alerts that will escalate business-critical errors to responsible parties via Slack or email.\n\nFinally, in the case of multiple errors, Inigo provides subgraph visibility. In a federated GraphQL system, when you get an error, you might not know which subgraph that error comes from. With Inigo, you can dive into specific subgraphs to explore the errors:\n\n![Subgraph Analytics.webp](/uploads/Subgraph_Analytics_1b83597c7d.webp)\n\n## Conclusion\nError handling is a key component of API development. For GraphQL APIs in particular, error handling requires careful thinking and design. You can learn more on why defending GraphQL APIs is challenging for security engineers [here](https://inigo.io/blog/what_makes_defending_graphql_apis_is_challenging_to_security_engineers). In conclusion, it is critical to have a contextualized way to surface GraphQL analytics and elevate alerts to improve the overall stability and usefulness of your GraphQL API. ","short_text":"\u003cp\u003eRediscover your GraphQL API Experience: Learn how GraphQL breaks free from traditional API Gateways.\u003c/p\u003e\n","createdAt":"2023-02-22T23:13:11.953Z","updatedAt":"2024-09-10T05:00:51.744Z","publishedAt":"2023-02-28T23:57:48.711Z","path":"graphql_error_handling","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-02-28","keywords":null,"cover":{"data":{"id":302,"attributes":{"name":"API Gateway are blind to GraphQL.webp","alternativeText":"API Gateway are blind to GraphQL","caption":"API Gateway are blind to GraphQL.webp","width":1400,"height":600,"hash":"API_Gateway_are_blink_to_Graph_QL_3fbc9d9e36","ext":".webp","mime":"image/webp","size":35.02,"url":"/img/strapi/API_Gateway_are_blind_to_GraphQL.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-22T23:17:48.167Z","updatedAt":"2023-09-11T15:29:52.682Z"}}},"related":[]}},{"id":18,"attributes":{"title":"GraphQL Injection Attacks","author":"Shahar Binyamin","text":"[![Protect your GraphQL](/uploads/Banner_Protect_your_Graph_QL_7784492908.png)](https://landing.inigo.io/demo)\n\n## Overview\nInjection attacks are a very common type of web attack, where an attacker sends malicious input to an API that has an interpreter or parser that processes the input and passes it on to a backend system or database. If the interpreter/parser doesn’t validate or sanitize the input, then the attacker can gain access to or manipulate confidential data.\n\n## Why do injection attacks occur in GraphQL?\nGraphQL is uniquely vulnerable to injection attacks for a few reasons:\n\n1. GraphQL introduces new surfaces for injections, through features like operation names and aliases.\n2. GraphQL introduces new steps in the processing flow. Each of the parser, the gateway, and the sub-graph resolvers can be targets for an attack.\n3. GraphQL turns what would be multiple API calls with a REST API into a single call. This single call can target multiple areas and multiply injection combinations because of GraphQL’s free-form nature.\n\n## How GraphQL injection attacks work\nAn injection attack can happen at any phase during the execution of a query:\n\n1. Parsing: The GraphQL query string is parsed into an abstract syntax tree (AST), a tree-like representation of the query. This step verifies that the query is syntactically correct and adheres to the GraphQL query language specifications.\n2. Validation: The AST is then validated against the GraphQL schema to check that the query is semantically correct and that it is requesting only valid fields and types. This step checks if the query adheres to the GraphQL schema and rules. Since the specification specifies no rules besides uniqueness on operation, argument, alias and directive names, these, if not validated, can be an entry point for an attacker.\n3. Execution: The validated query is then executed by the server using resolvers. For each field requested, there is a resolver function that runs in the backend and fetches the data from the database. The resolver can also serve as an entry point for an attacker. For instance, the following is an example of a GraphQL resolver written using GraphQL.js. It executes a query that returns a customer that matches the supplied id. \n\n```\nQuery: {\n customer(obj, args, context, info) {\n const stmt = `SELECT * FROM customers where id = ${id};`;\n const customerData = db.query(stmt)\n return customerData\n }\n}\n```\nIf a value like id: \"1' OR 1=1–\" is provided, it will result in a SQL injection and the resolver will return all customers, triggering a data breach.\n\n## Examples of Injection Attacks\nGraphQL injection attacks can lead to a few different scenarios:\n\n1. DoS (overloading the parser or resolver to a point they crash)\n2. Extract data\n4. Manipulate data\n\nBelow, we’ll cover some specific tactics that attackers might use in an injection attack, including Aliases, SQL injections, command injections, XSS assaults, LDAP and NoSQL injections.\n\n## SQL injection\nA SQL injection involves exploiting systems that use SQL to communicate with their databases. An attacker can inject SQL statements that manipulate a GraphQL query to access, modify or delete data.\n\nFor example, an attacker could include the following code in a GraphQL query that retrieves a particular customer's details:\n```\nquery {\n customer(id: \"22371' OR 1=1–\") {\n name, \n email, \n address, \n contact\n }\n} \n```\nDuring the execution phase, the above code would cause the query to return all the customer details instead of just the customer matching the original query.\n\n## NoSQL injection\nA NoSQL injection attack is similar to a SQL injection attack. It targets systems or applications that use NoSQL databases.\n\nThe following query is an example of a GraphQL query that accepts a JSON input to search for a user via user names or email addresses. \n```\nquery {\n users(search: \"{\\\"username\\\": {\\\"$regex\\\": \\\"jan\\\"}, \\\"email\\\": {\\\"$regex\\\": \\\"jan\\\"}}\",\n options: \"{\\\"skip\\\": 0, \\\"limit\\\": 10}\") {\n _id\n username\n fullname\n email\n }\n}\n```\n\nThe attacker could modify the JSON data type fields to include MongoDB or other NoSQL database-specific commands, which would then be executed by the database when the GraphQL query is processed.\n\n```\nquery {\n users(search: \"{\\\"email\\\": {\\\"$gte\\\": \\\"\\\"}}\",\n options: \"{\\\"fields\\\": {}}\") {\n _id\n username\n fullname\n email\n }\n}\n```\n\nDuring the execution phase, the above query will return all fields specified in the GraphQL schema for all users in the system. \n\n## LDAP injection\nLDAP is commonly used for storing, retrieving, modifying and searching for data in a hierarchical directory. A GraphQL query that accepts LDAP input could be used to retrieve data from an LDAP directory. \n\nLDAP injection attacks typically target the search filter of an LDAP query, which is used to specify the conditions that must be met for a record to be returned. An attacker can modify the search filter to include malicious code, allowing them to retrieve sensitive information or perform other unauthorized actions. For example, an attacker might modify a search filter to include a wildcard character, which would return all records in the directory.\n\n```\nquery {\n user(username: \"*\") {\n name\n email\n groups\n }\n}\n```\n\nDuring the execution phase, the above query returns details of all users. \n\n## Command injection\nCommand injection is an exploit in which an attacker can inject shell commands or code into a GraphQL query. It allows the attacker to execute arbitrary commands on the server, thus potentially giving them wide access. For example, consider the following GraphQL query\n```\nquery {\n getUser(id: \"1\") {\n name\n email\n }\n}\n```\nAn attacker can inject a command into the id field to execute a shell command on the server during the execution phase, such as:\n```\nquery {\n getUser(id: \"1; ls -la\") {\n name\n email\n }\n}\n```\nIf the server is using an API that interprets a string as a shell command (for instance is using child_process.execFile), this would cause the server to execute the command `ls -la`.\n\n## XSS (Cross-Site Scripting)\nXSS attacks can occur when an attacker injects malicious code into trusted websites, generally in the form of browser scripts. For example, an attacker might inject malicious code into the comment field, such as:\n```\nquery {\n getComment(id: \"1\") {\n user\n comment: \"\u003cscript\u003ealert('XSS Attack')\u003c/script\u003e\"\n }\n}\n```\nWhen a user views the results of this query, the malicious script will be executed in their browser.\n\n## Log spoofing\nGraphQL actions can take an operation name as part of the query. For example, here is a query that uses CustomName as an operation name:\n```\nquery CustomName {\n getCustomName\n {\n first\n last\n }\n }\n```\nIn the audit log, the application will display all queries and mutations that users are executing on the system. If the query had an operation name, it will be recorded in the audit log under that operation name. This creates an opportunity for attackers to “spoof” the log by putting a query under a misleading operation name.\nFor example, the mutation below logs the mutation as getUser when actually, it’s creating a user.\n```\nmutation getUser {\n createUser(name:\"\u003cscript\u003ealert(1)\u003c/script\u003e\", content:\"zzzz\", public:true) {\n userId\n }\n}\n```\nOr, the query below logs arbitrary strings to the audit log:\n```\nquery arbitraryString {\n systemHealth\n}\n```\n\n## HTML injection\nHTML injection allows an attacker to inject malicious code into a vulnerable web page. HTML injections are similar to XSS attacks. The following query demonstrates how an attacker can create an HTML injection:\n```\nmutation {\n createPaste(title:\"\u003ch1\u003ehello!\u003c/h1\u003e\u003cscript\u003ealert('Attack')\u003c/script\u003e\", content:\"zzzz\", public:true) {\n paste {\n id\n }\n }\n}\n```\n\n## Prevention and protection against GraphQL injection attacks\nBelow, we outline some ways to protect your server from GraphQL injection attacks.\n### Input validation and sanitization\nInput validation means having checks in place for GraphQL input. These checks validate that the input has an expected format and doesn’t include special characters frequently used in injection attacks.\n\nFor example, in the above SQL injection examples, we see that an attacker supplies input ( 1233' OR 1=1-) that includes the single quote special character.\n\nThe dynamic SQL statement in the resolvers might be: \n```\n\"SELECT * from customers where id='\" + input + \"'\"\n```\n\nAfter concatenating it with the provided input, the statement is evaluated as:\n```\nSELECT * from customers where id='1233' OR 1=1—'\n```\nThe single quote acts as a string delimiter in SQL. By adding it to the input, the statement searches for customers with an id of 1233 or 1=1. Since 1=1 is always true, it returns all customers. The last single quote is commented out, then, since – and any text after it is considered a comment in SQL. \n\nIn this example, input validation would determine that the input contained dangerous special characters (single quote and -); input sanitization would then remove these characters. \n\nWhile input validation and sanitization can be performed in the resolvers (execution stage), it is recommended to do it earlier, in the validation stage, when the AST is validated against the GraphQL schema to determine that only valid types and fields are being requested. In addition to the basic Int, Float, String, Booleans, types, you can additionally enforce that inputs match custom scalar types, like email addresses. This helps you identify the data and validate it before even transferring it to the server.\n\n### Prepared statements\nPrepared statements bind the actual data values to the placeholders in the template at runtime. \nFor example, instead of writing a query like this:\n```\nSELECT * FROM users WHERE id = '123';\n```\n\nYou would use a prepared statement in your resolver like this:\n```\nSELECT * FROM users WHERE id = ?;\n```\n\nThe ? is a placeholder that temporarily takes the place of the data. The SQL query is pre-compiled with placeholders, and the user’s data is added later. This means that even if a nefarious actor submits a GraphQL query that looks like:\n```\nquery {\n user(id: \"22371' OR 1=1 \") {\n name, \n email, \n address, \n contact\n }\n} \n```\nThe initial SQL query logic won’t be changed. Instead, the database will look for a user admin whose password is literally “22371' OR 1=1 ”.\n\n### Secure libraries, secure implementations\nSeveral well-known languages have libraries and implementations of the GraphQL specification. Attackers take advantage of flaws in these servers or implementations. For example, the use of exec and execSync in @graphql-tools/git-loader before 6.2.6. allows arbitrary command injection. Therefore, it's crucial to pick secure libraries and versions while creating GraphQL APIs. You can learn more about public GraphQL implementations [here](https://inigo.io/blog/how_threat_actors_fingerprint_your_graphql_apis).\n\n## Conclusion\nGraphQL injection attacks may undermine critical web applications and systems. To prevent GraphQL injection attacks, it is essential to follow best practices around input validation and the use of secure libraries.\n\nSecurity tooling often focus on REST APIs input validation and sanitization, leaving GraphQL APIs unaddressed. With [Inigo](https://inigo.io/blog/operation_name_security_in_graphql), you can establish rigid guidelines for which operation names (as well as other elements of the document) to accept from clients. This ensures that your policy is rigid regardless of which GraphQL servers you use. The following is an example configuration that validates optional names for a GraphQL API:\n```\nkind: Security\nname: my_server\nspec:\n validation:\n alias_name: \"^[a-zA-Z]+$\"\n directive_name: \"^[a-zA-Z]+$\"\n operation_name: \"^[a-zA-Z]+$\"\n arguments:\n String: \"^[a-zA-Z]+$\"\n```\n\n## Additional Resources\nThere are many resources available to help developers learn about GraphQL security and injection attacks, including\n1. \"[GraphQL Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html)\" by OWASP: This guide from OWASP covers the most common security risks associated with GraphQL and provides best practices for mitigating them.\n2. “[Damn Vulnerable GraphQL Application](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application)” - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of GraphQL to learn and practice GraphQL Security. \n3. “[The complete GraphQL Security Guide](https://wundergraph.com/blog/the_complete_graphql_security_guide_fixing_the_13_most_common_graphql_vulnerabilities_to_make_your_api_production_ready)” - This blog post discusses fixes to the 13 most common GraphQL vulnerabilities to make your API production ready.\n\nProtecting your GraphQL APIs is critical, and this process may be aided with GraphQL security platforms like as Inigo, which operate with any GraphQL server. Inigo has schema-based access control, detailed analytics, dynamic rate-limiting, an easy UI, and much more to help you accelerate API adoption.\n\n\n\n","short_text":"\u003cp\u003eGraphQL’s complex payload expands attackers' ability to inject malicious payloads and compromise its underlying system.\u003c/p\u003e\n","createdAt":"2023-02-03T21:49:58.749Z","updatedAt":"2024-09-10T04:54:47.093Z","publishedAt":"2023-02-03T21:58:59.337Z","path":"graphql_injection_attacks","author_twitter":"https://twitter.com/shacharbinyamin","date":"2023-02-03","keywords":null,"cover":{"data":{"id":257,"attributes":{"name":"Graphql_Injection.webp","alternativeText":"Graphql_Injection.webp","caption":"Graphql_Injection.webp","width":1400,"height":600,"hash":"Graphql_Injection_721607641b","ext":".webp","mime":"image/webp","size":20.66,"url":"/img/strapi/Graphql_Injection.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.758Z","updatedAt":"2023-09-12T15:08:01.098Z"}}},"related":[]}},{"id":17,"attributes":{"title":"GraphQL in Enterprise - Are you Ready?","author":"Shahar Binyamin","text":"## Overview\nCIOs and technology leaders are now likely aware of the growing popularity of GraphQL, the open source API query language. Like how Kubernetes adoption unfolded within organizations over the past few years, developers are largely leading the internal charge—championing GraphQL as a modernized replacement for legacy REST APIs.\n\nAccording to Gartner, more than half of enterprises will be using GraphQL in production by 2025; in 2021, fewer than 10% were. This rapid shift is driven in part by the need to expose API data and functionality to third-party developers, which has become increasingly popular. GraphQL is a far more flexible, scalable, and easier-to-use option than REST. It’s become the cornerstone of widespread API modernization initiatives, and it is vastly more efficient and effective to use for developers.\n\nHowever, with over 50% of APIs being “unmanaged”—and with enterprises producing and consuming an exponentially growing number of APIs—come new security risks.\n\nWhat is an “unmanaged” API? Unmanaged APIs are APIs that have been created by a developer but are not discovered by the people who manage the GraphQL schema (i.e., the engineers/architects/CIO teams who are responsible for making sure that API development is efficient and secure, and that the schema itself is always optimized).\n\nThese unmanaged APIs are commonly referred to as “shadow APIs.” Going undiscovered and/or invisible, shadow APIs also prevent enterprise architects from optimizing schema planning and business logic across the organization. They then cannot enforce standards across subgraphs and manage resource consumption, resulting in Service Level degradation (latency) as well as inefficient and costly development. \n \nFurthermore, both shadow APIs and unsecured APIs pose an ongoing threat to the enterprise. The compliance and security teams lack the ability to enforce access control, detect anomalies, and secure the code, opening the organization to threats of unauthorized data access and breaches, as well as heavy financial and reputation losses. \n\nThis raises the question: why are existing application gateways not sufficient to help with the transition to GraphQL? Most API and web application gateways that enterprises have in place cannot discover GraphQL traffic and cannot provide the depth and context necessary to deliver visibility, discoverability, or real-time protection. Because GraphQL operations are sent as a single request, it’s difficult to understand how that request is being handled and what services are being called; all GraphQL traffic is seen at a high level, without details or granularity.\nInigo was created to specifically address these gaps in API management, governance, and security for GraphQL APIs. Our solution goes into depth for each query, and with our innovative intellectual property, it not only makes GraphQL APIs visible and manageable but also provides real-time protection, Importantly, it delivers these capabilities regardless of the measures put in place by the developer, enabling CIOs and platform teams to move into API modernization with GraphQL with confidence. \n\nInigo’s GraphQL gateway provides schema-based access control, so your team can define and enforce access policies based on the schema of your GraphQL APIs, rather than the underlying code. Doing so ensures that only authorized users and applications can access the data and functionality exposed by the APIs.\n\nSecond, Inigo delivers compliance with a full audit trail and PII detection. This allows your enterprise to track and monitor all of the interactions related to your GraphQL APIs, and to detect and prevent the leakage of sensitive personal information.\n\nThird, Inigo provides protection from spec abuse, injections, and object-level rate limiting. This helps organizations prevent and mitigate different types of attacks, such as query overloads, data breaches, and service disruptions.\n\nIn addition to security, Inigo’s platform enhances the developer experience and adds key workflow efficiencies, including:\n\n- Operations and performance optimization, which allows developers to monitor and improve the performance of their GraphQL APIs in real time.\n- API lifecycle management with CI tools, which helps developers automate the deployment and testing of their GraphQL APIs.\n- Schema planning, which enables developers to design and implement GraphQL APIs in a modular and extensible way.\n- Granular query sub-graph analytics, which gives developers insights into the usage and behavior of their GraphQL APIs, and helps them to optimize and evolve them over time.\n\nInigo offers a more affordable solution compared to other data and analytics tools. It delivers GraphQL-specific capabilities that other tools are too expensive to apply to GraphQL deployments. Additionally, [Inigo is SOC-2 compliant](https://www.globenewswire.com/news-release/2023/01/11/2587241/0/en/Inigo-Achieves-SOC-2-Type-II-Compliance-Certification-for-GraphQL-Security-and-Management-Platform.html)—which means that it meets the strict security and compliance standards required by many organizations.\n\nIf you want to experience our solution, or see a demo, reach out to us at [sales@inigo.io](mailto:sales@inigo.io)\n","short_text":"\u003cp\u003eGraphQL is becoming increasingly popular among technology leaders as a modernized replacement for legacy REST APIs. But with this shift comes new security risks. Unmanaged APIs can pose a threat to the enterprise in terms of unauthorized data access and breaches.\u003c/p\u003e\n","createdAt":"2023-01-24T00:57:47.412Z","updatedAt":"2023-09-11T15:28:59.120Z","publishedAt":"2023-01-24T22:51:02.418Z","path":"graphql_in_enterprise","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2023-01-24","keywords":null,"cover":{"data":{"id":275,"attributes":{"name":"Post_8_Illustration_1.webp","alternativeText":"Post_8_Illustration_1.webp","caption":"Post_8_Illustration_1.webp","width":1400,"height":600,"hash":"Post_8_Illustration_1_2ca6c6ca61","ext":".webp","mime":"image/webp","size":13.95,"url":"/img/strapi/Post_8_Illustration_1.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.408Z","updatedAt":"2023-09-11T15:28:58.498Z"}}},"related":[]}},{"id":16,"attributes":{"title":"GraphQL 2023 Predictions","author":"Shahar Binyamin","text":"### What should you expect from GraphQL this year?\n\nIn short, a lot. We’re expecting a significant increase in the adoption of GraphQL throughout 2023. Companies are increasingly seeking a path to modernize the way they build and manage APIs; GraphQL is increasingly the answer. \n\nSimply put, the benefits that GraphQL provides for developers (and users) have become too consequential to ignore. With GraphQL, developers can create APIs tailored to a client's specific needs, rather than being limited to a fixed set of endpoints. That GraphQL benefit has always been there, but as the technology has grown up, so has the development of GraphQL frameworks and tools supporting teams in their API modernization initiatives. These tools are making it far easier for organizations to work with GraphQL and, just as significantly, increasingly sophisticated solutions are being developed to support GraphQL at greater scale. \n\nIn addition to the continuous development of GraphQL frameworks and tools, we expect to see further refinement of the GraphQL specification and its ecosystem in the coming year. The GraphQL community is growing rapidly—accelerated by the work of the [GraphQL Foundation](https://graphql.org/foundation)—and this will lead to an increased focus on the specification (as well as the tools that support it).\n\nAs GraphQL becomes more widely adopted, there will also be an increased focus on security. Like other developer-driven movements, GraphQL posed new and urgent security and management challenges as enterprises use it at scale. Among these hurdles are protecting against GraphQL injection attacks, rate limiting, and developing best practices to prevent these attacks.\n\nIn 2023, we expect to see a significant increase in the use of dedicated and sophisticated security solutions that can handle GraphQL and the sensitive data that it often handles—such as financial and medical information, along with other types of personally identifiable information. (This isn’t just good practice—getting it right is mandatory to achieve regulatory compliance mandates.) These purpose-built GraphQL solutions and tools will be increasingly necessary as mainstream firewalls and intrusion detection systems struggle to keep up with the rapid evolution of GraphQL.\n\nGraphQL is maturing, the technologies supporting it are maturing, and 2023 will be a particularly significant year for the API query language. It’s an exciting time, but teams and their organizations need to have their plan for GraphQL-at-scale—and the right tools—ready to go.\n","short_text":"\u003cp\u003eSignificant increase in the adoption of GraphQL throughout 2023. Companies are increasingly seeking a path to modernize the way they build and manage APIs; GraphQL is increasingly the answer.\u003c/p\u003e\n","createdAt":"2023-01-11T00:06:58.510Z","updatedAt":"2023-09-11T15:30:13.130Z","publishedAt":"2023-01-19T16:24:33.851Z","path":"graphql_2023_predictions","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2023-01-17","keywords":null,"cover":{"data":{"id":274,"attributes":{"name":"Post_8_Illustration.webp","alternativeText":"Post_8_Illustration.webp","caption":"Post_8_Illustration.webp","width":1400,"height":600,"hash":"Post_8_Illustration_f16c89a3f6","ext":".webp","mime":"image/webp","size":16.7,"url":"/img/strapi/Post_8_Illustration.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.407Z","updatedAt":"2023-09-11T15:30:12.346Z"}}},"related":[]}},{"id":15,"attributes":{"title":"Your security peace-of-mind: We’re SOC 2 Type II Compliant","author":"Shahar Binyamin","text":"## Overview\nWe’re excited to announce that Inigo has achieved SOC 2 Type II compliance. With this certification, we stand alone as the only SOC-2 Type-II-certified company focused on GraphQL API security and governance.\n\nSOC 2 Type II requires organizations to meet the rigorous security, availability, processing integrity, confidentiality, and privacy standards set by the American Institute of Certified Public Accountants (AIPCA). In our comprehensive SOC 2 audit—performed by a third-party, Sensiba San Filippo, LLP (SSF)—our GraphQL API security and management platform fully demonstrated the robust controls required to achieve this certification and safeguard our customers’ crucial systems and sensitive data.\n\nEarning SOC 2 compliance is a testament to the strength of our end-to-end security capabilities and processes. The designation also underscores our commitment to ensuring our customers can restrict data access to only authorized users and protect their modernized GraphQL APIs with the highest level of data security and privacy available.\n\nWe’re proud to share this major milestone for our company as part of our ongoing investment into Inigo’s security infrastructure. Our customers can take confidence that their data is under the continuous protection of the trustworthy and SOC-2-compliant Inigo platform.\n\n- [Press Release Link](https://www.globenewswire.com/news-release/2023/01/11/2587241/0/en/Inigo-Achieves-SOC-2-Type-II-Compliance-Certification-for-GraphQL-Security-and-Management-Platform.html)","short_text":"\u003cp\u003eWe’re excited to announce that Inigo has achieved SOC 2 Type II compliance. With this certification, we stand alone as the only SOC-2 Type-II-certified company focused on GraphQL API security and governance.\u003c/p\u003e\n","createdAt":"2022-12-26T16:48:55.760Z","updatedAt":"2023-09-11T15:17:34.342Z","publishedAt":"2023-01-11T17:36:20.173Z","path":"inigo_soc_2_type_ii","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2023-01-11","keywords":null,"cover":{"data":{"id":264,"attributes":{"name":"Blog_5_Illustration.webp","alternativeText":"Blog_5_Illustration.webp","caption":"Blog_5_Illustration.webp","width":1400,"height":600,"hash":"Blog_5_Illustration_9e1e48448b","ext":".webp","mime":"image/webp","size":21.04,"url":"/img/strapi/Blog_5_Illustration.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.318Z","updatedAt":"2023-09-11T15:17:27.668Z"}}},"related":[]}},{"id":14,"attributes":{"title":"Inigo named one of the Best New DevOps Tools by the Techstrong Group","author":"Shahar Binyamin","text":"We’re proud to announce that Inigo has been named one of the very few [DevOps Dozen finalists](https://devopsdozen.com/) in the _Best New DevOps Tools_ category. The awards hone in on the “best, brightest, and most impactful” DevOps and developer tools from the past year across several categories.\n\nAs always, the DevOps Dozen are put together by the Techstrong Group, the company behind some of the best developer-centric cloud native and security publications—including DevOps.com, Container Journal, and Security Boulevard.\n\nHere’s what DevOps Dozen had to say about our platform:\n\n\u003e“Inigo is a new GraphQL API management platform for DevOps/DevSecOps teams that offers a unique one-stop-shop for GraphQL API security, analytics, and developer productivity at scale. Inigo enables developers to avoid resource-heavy in-house tools that are costly to maintain and prone to errors. Inigo offers the absolute best developer experience around GraphQL APIs, so developer teams can scale with confidence and efficiency.”\n\nWe’re excited to be named a finalist in this newcomer category alongside some great new tools. If you’d like to throw your vote to Inigo as the category winner, [you can do that right here](https://www.surveymonkey.com/r/DevOpsDozenAwards2022)!\n\n","short_text":"\u003cp\u003eWe’re proud to announce that Inigo has been named one of the very few \u003cstrong\u003eDevOps Dozen finalists\u003c/strong\u003e in the \u003cem\u003eBest New DevOps Tools\u003c/em\u003e category.\u003c/p\u003e\n","createdAt":"2022-11-17T21:21:49.550Z","updatedAt":"2023-09-11T15:21:12.283Z","publishedAt":"2022-11-17T21:21:54.426Z","path":"2022_devops_dozen_finalists","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-11-17","keywords":null,"cover":{"data":{"id":258,"attributes":{"name":"Best_New_Dev_Ops_Tool_400x400.webp","alternativeText":"Best_New_Dev_Ops_Tool_400x400.webp","caption":"Best_New_Dev_Ops_Tool_400x400.webp","width":1400,"height":600,"hash":"Best_New_Dev_Ops_Tool_400x400_ee15ada647","ext":".webp","mime":"image/webp","size":30.33,"url":"/img/strapi/Best_New_Dev_Ops_Tool_400x400.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.761Z","updatedAt":"2023-09-11T15:21:11.594Z"}}},"related":[]}},{"id":12,"attributes":{"title":"Operation name security in GraphQL","author":"Shahar Binyamin \u0026 Inigo team","text":"Operation Names in GraphQL are an optional string a client can specify to describe the operation, also called Named Operation ([Section 5.2.1](https://spec.graphql.org/October2021/#sec-Named-Operation-Definitions)) of the GraphQL specification.\n\nThe specification outlines the following rules as they relate to Operation Names:\n\n- For each operation definition operation in the document.\n- Let operationName be the name of operation.\n- If operationName exists\n-- Let operations be all operation definitions in the document named operationName.\n-- operations must be a set of one.\n\nThis means that a document with more than one query or mutation must include operation names for each, and they must be uniquely named.\n\nFor example, the following document is valid:\n```\nquery First {\n pastes {\n content \n }\n}\n\nquery Second {\n pastes {\n content \n }\n}\n```\nAnd this document is invalid because two queries use the same operation name, violating the uniqueness requirement:\n```\nquery First {\n pastes {\n content \n }\n}\n\nquery First {\n pastes {\n content \n }\n}\n```\nThis document is also invalid because only one query has a defined operation name in the document:\n```\nquery First {\n pastes {\n content \n }\n}\n\nquery {\n pastes {\n content \n }\n}\n```\nWhen a request is sent to a GraphQL API with more than one operation, a client would need to specify the operationName JSON key with the specific named operation of interest to run it:\n```\n{\n \"query\":\"query First { pastes { content } } query Second { pastes { content } }\", \n \"operationName\":\"First\", \n \"variables\":[]\n}\n```\nIf the operationName JSON key is not defined but the query document contains two named operations, the GraphQL server may respond with the following:\n```\n{\n \"errors\": [\n {\n \"message\": \"Must provide operation name if query contains multiple operations.\",\n \"extensions\": {\n \"code\": \"INTERNAL_SERVER_ERROR\"\n }\n }\n ]\n}\n```\nSo, operation names are optional if a document contains one operation, but once it contains more than one, operation names are required and must be unique (i.e. not repeated).\n\nApplications may log the operation names used by client queries for analytics and debugging. They are used by analytic tools to determine, for example, performant and non-performant queries and often are used instead of logging the entire query payload.\n \nHave you ever asked yourself: what characters can be used in a named operation? Let’s see what is accepted versus not accepted with some Python-fu.\n\n![Operation Name Structure.png](/uploads/Operation_Name_Structure_9345f3fdee.png)\n\n## Experimenting with Operation Name Characters\n\nFor the purpose of this test, we used Sangria, Apollo, graphql-ruby, Graphene and HyperGraphQL as the targeted GraphQL servers a mix of seasoned and newer implementations, and used the following script to test various combination of operation name characters, while removing [ignored tokens](https://spec.graphql.org/October2021/#sec-Language.Source-Text.Ignored-Tokens) such as hashes (#) commas (,) and whitespace. \n```\nimport string\nimport time\nimport random\nimport requests\n\ndef randomize(N):\n random_int = random.randint(1, 7)\n strings = {1: string.ascii_lowercase + string.digits,\n 2: string.ascii_lowercase + random.choice(string.punctuation),\n 3: string.digits + random.choice(string.punctuation),\n 4: string.punctuation,\n 5: string.ascii_lowercase,\n 6: string.digits,\n 7: string.printable}\n\n chosen = strings[random_int]\n chosen = chosen.replace(' ', '')\n chosen = chosen.replace('#', '')\n chosen = chosen.replace(',','')\n chosen = random.sample(chosen, len(chosen))\n\n\n return ''.join(random.choice(chosen) for _ in range(N))\n\n\nwhile True:\n opName = randomize(5)\n query = \"\"\"\n query {0} {{\n __typename\n }}\"\"\".format(opName)\n\n\n r = requests.post('http://test.inigo.local', json={\"query\":query})\n\n if r.ok:\n print(f'Accepted: {opName}')\n else:\n print(f'Not accepted: {opName}')\n```\n\nRunning the code produces the following results:\n```\nAccepted: k4qcb\nAccepted: lzort\nNot accepted: ]}VKV\nNot accepted: 69071\nNot accepted: \\|\u0026!~\nAccepted: fclue\nNot accepted: 2kxq6\nNot accepted: $\u0026${}\nAccepted: _5157\nNot accepted: +_'!)\nAccepted: ztb0v\n```\n## Tests Breakdown\n\n![Experimenting with Operation Names.png](/uploads/Experimenting_with_Operation_Names_bea8ce6a46.png)\n\nSymbols such as greater than (\u003e) or less than (\u003c) typically used in Cross-Site Scripting payloads aren’t allowed, neither single-quotes or double quotes, equal sign, and others in most cases. One anomaly was **HyperGraphQL**, a Java-based GraphQL server, which allowed characters such as: `+\u003e\u003c;^%~+ as operation name.\n\n![Operation Name HyperGraphQL.png](/uploads/Operation_Name_Hyper_Graph_QL_7cd392d24d.png)\n\n\nThis was an interesting experiment. Despite the specification describing what characters should and should not be interpreted, there are deviations from the norm. This is why it is important to know your implementation well.\n\nWith Inigo, you can define strict rules on what operation names (as well as other components of the document) to accept from clients, so no matter what GraphQL servers you use, your policy is strict across all of them.\n```\nkind: Security\nname: demo\nlabel: starwars\nspec:\n validation:\n alias_name: \"^[a-zA-Z]+$\"\n directive_name: \"^[a-zA-Z]+$\"\n operation_name: \"^[a-zA-Z]+$\"\n arguments:\n String: \"^[a-zA-Z]+$\"\n```\nInigo can help you enforce the use of operation names across all your queries, in addition to applying a strict security policy so that operation names are limited to a safer subset of characters. Reach out to us for more information on how we can enforce security policies across all your GraphQL fleet\n","short_text":"\u003cp\u003eExperimenting with Operation Name characters. Despite the specification describing what characters should and should not be interpreted, there are deviations from the norm. This is why it is important to know your implementation well.\u003c/p\u003e\n","createdAt":"2022-10-07T17:31:57.358Z","updatedAt":"2023-09-11T15:18:44.616Z","publishedAt":"2022-10-11T02:34:36.988Z","path":"operation_name_security_in_graphql","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-10-11","keywords":null,"cover":{"data":{"id":260,"attributes":{"name":"Operation_Name_Security.webp","alternativeText":"Operation_Name_Security.webp","caption":"Operation_Name_Security.webp","width":1400,"height":600,"hash":"Operation_Name_Security_cfc46244f0","ext":".webp","mime":"image/webp","size":15.06,"url":"/img/strapi/Operation_Name_Security.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.861Z","updatedAt":"2023-09-11T15:18:43.941Z"}}},"related":[]}},{"id":11,"attributes":{"title":"Defeating controls with Array-based Query Batching","author":"Shahar Binyamin \u0026 Inigo team","text":"In the [previous post](https://inigo.io/blog/defeating_controls_with_alias-based_query_batching), we discussed the way threat actors can optimize attacks to defeat authentication controls using query batching based on GraphQL aliases.\n\nAliases are great because they are part of the [GraphQL specification](https://spec.graphql.org/October2021/#sec-Field-Alias) as shown in section 2.5. So, when you run into a GraphQL API, you should expect to have aliases available at your fingertips.\n\nAliases have one disadvantage - they can only be applied to either queries, or mutations, but not both at the same time in a single HTTP request. Another approach to query batching is by using arrays.\n\nIt is possible to batch queries together by adding them to an array and sending them to a GraphQL server. This option is not available in all implementations and also isn’t specifically mentioned in the GraphQL specification. \n\nIt is quite easy to test whether a GraphQL API support arrays, here is how you can do this in Python using the requests library:\n```\nimport requests\n\nqueries = [\n {\"query\":\"query { __typename }\"},\n {\"query\":\"query { __typename }\"}\n]\n\nrequests.post('http://localhost:5013/graphql', json=queries)\n```\nIf you prefer cURL, you can test whether the GraphQL server supports arrays like so:\n```\ncurl -X POST http://example.inigo.local/graphql -H \"Content-Type: application/json\" -d '[{\"query\":\"query { __typename }\"}, {\"query\":\"query { __typename }\"}]' \n```\nThe response that comes back to queries sent in an array would include multiple data keys, each containing a separate response:\n```\n[\n {\"data\":{\"__typename\":\"Query\"}},\n {\"data\":{\"__typename\":\"Query\"}}\n]\n```\nWhen GraphQL servers see an array (and when they support them), they will process each query one after another in sequence, and return a response once all of them are resolved. Here is how the [Graphene-django implementation handles arrays](https://github.com/graphql-python/graphene-django/blob/master/graphene_django/views.py#L168-L179). \n\n![Array GraphQL.png](/uploads/Array_Graph_QL_ea12888890.png)\n\nThe advantage of arrays is that you can mix queries and mutations together, like so:\n```\nimport requests\n\nqueries = [\n {\"query\":\"query { __typename }\"},\n {\"query\":\"mutation { createUser(user:”user1”) { id } }}\"}\n]\n\nrequests.post('http://example.inigo.local/graphql', json=queries)\n```\nSo, if you have an API flow that requires sending a mix of queries and mutations together to get to some desired state, arrays make it easier. Aliases on the other hand can only be used to batch queries of the same root type. \n\nArrays have one major disadvantage - they aren’t available everywhere. We recommend reading the documentation of the GraphQL implementation in use in your production environment to learn if arrays are supported (or simply try a query against it to figure it out) and whether they can be disabled. \n\nWhether you are using a popular GraphQL server or you’ve built your own, using Inigo’s GraphQL Security and Management platform works independently and is completely server-agnostic, which protects any GraphQL APIs and helps introduce security controls no matter what GraphQL server you use.\n","short_text":"\u003cp\u003eWatch out from array batching. It is possible to batch queries together by adding them to an array and sending them to a GraphQL server. This option is not available in all implementations and also isn’t specifically mentioned in the GraphQL specification.\u003c/p\u003e\n","createdAt":"2022-09-30T19:31:16.088Z","updatedAt":"2023-09-11T15:31:22.279Z","publishedAt":"2022-10-05T18:17:14.515Z","path":"defeating_controls_with_array-based_query_batching","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-10-05","keywords":null,"cover":{"data":{"id":249,"attributes":{"name":"Array_based_Query_Batching.webp","alternativeText":"Array_based_Query_Batching.webp","caption":"Array_based_Query_Batching.webp","width":1400,"height":600,"hash":"Array_based_Query_Batching_030dd514bc","ext":".webp","mime":"image/webp","size":22.17,"url":"/img/strapi/Array_based_Query_Batching.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.497Z","updatedAt":"2023-09-11T15:31:21.061Z"}}},"related":[]}},{"id":10,"attributes":{"title":"Defeating controls with Alias-based Query Batching","author":"Shahar Binyamin \u0026 Inigo team","text":"GraphQL isn’t immune to vulnerabilities, it may suffer from them just like any other API technologies such as REST, SOAP, gRPC, or others, but there are some unique and interesting possibilities that open up to hackers when GraphQL is present on the target they are interested in compromising.\n\nVulnerability classes such as Injection, Denial of Service, Forgery, Lack of Resource \u0026 Rate Limiting as well as others, can all apply to GraphQL APIs. However, what’s interesting in GraphQL is the new ways it allows threat actors to optimize certain attacks, specifically those that fall under the category of denial of service and defeating authentication mechanisms.\n\n![Secured GraphQL.png](/uploads/Secured_Graph_QL_f702a31dbb.png)\n\nAliases in GraphQL allow clients to rename response keys of fields and use the same query operation more than once. Let’s first see what happens when a client asks for simple information such as the ID of users:\n```\nquery {\n users {\n id\n }\n}\n```\nAnd the response:\n```\n{\n \"data\": {\n \"users\": [\n {\n \"id\": \"1\"\n },\n {\n \"id\": \"2\"\n }\n ]\n }\n}\n```\nIf a client attempts to fetch the same information more than once this way:\n```\nquery {\n users {\n id\n }\n users {\n id\n }\n}\n```\nThen the response returned by the GraphQL server will only return a single users key in the response:\n```\n{\n \"data\": {\n \"users\": [\n {\n \"id\": \"1\"\n },\n {\n \"id\": \"2\"\n }\n ]\n }\n}\n```\nThe JSON structure we get back from the GraphQL server returns a single key, so the response of two operations is consolidated to a single response key.\n\nAliases in GraphQL allow you to rename the operation name (and hence the JSON key in the response). Aliases can be configured by prefixing the field of interest with some named alias:\n```\nquery {\n nameOne: users {\n id\n }\n nametwo: users {\n id\n }\n}\n```\nWhich results in the GraphQL server returning the following response:\n```\n{\n \"data\": {\n \"nameOne\": [\n {\n \"id\": \"1\"\n },\n {\n \"id\": \"2\"\n }\n ],\n \"nametwo\": [\n {\n \"id\": \"1\"\n },\n {\n \"id\": \"2\"\n }\n ]\n }\n}\n```\nThis allows you to run multiple queries and rename their response key, which allows you to get separate responses. \n\nGraphQL APIs just like any other API can perform sensitive actions such as:\n1. User login\n2. User password resets\n3. User signup\n4. Token verification\n5. Code verification\n\nThis list is just the tip of the iceberg, there could be more options, but you get the point. \n\nBack to aliases - aliases allow you to “stuff” multiple operations in a single HTTP request. Does that ring any of your security bells? It should, because traditional security controls could struggle identifying malicious behavior if they rely on certain characteristics that are more relevant to non-GraphQL based APIs. For example:\n\n- HTTP Method (POST/GET)\n- API Route (e,g, /v1/login)\n- Number of clients requests made (e.g. 100 per minute)\n- The returned HTTP code\n\nLooking at all of these as indicators of potential compromise attempt makes sense in the context of security: If a client makes a POST request to the /v1/login endpoint 100 times in 5 seconds and the response code is 401 Unauthorized, maybe this client is attempting to brute force accounts on your application. These heuristics make sense in non-GraphQL APIs. In GraphQL, the heuristics are a little different.\n\nIn GraphQL, the client intention is not expressed by the HTTP verb, route, or the returned code (in many cases) but by the query payload. Determining how the GraphQL server handled the query is expressed in the response versus any HTTP headers.\n\nSo, if you have a login GraphQL query that takes in an email and password, it would look like the following:\n```\nquery {\n login(email:\"user123@example.com\", password:\"abc\") {\n token\n }\n}\n```\nWith aliases, we can now perform multiple login attempts and send those over a single HTTP request:\n```\nquery {\n attemptOne: login(email:\"user123@example.com\", password:\"abc\") {\n token\n }\n attemptTwo: login(email:\"user123@example.com\", password:\"def\") {\n token\n }\n attemptThree: login(email:\"user123@example.com\", password:\"geh\") {\n token\n }\n}\n```\nThis query structure could circumvent security controls that perform rate limiting that bases its heuristics on the volume of client requests combined with the HTTP method and API route being used. As GraphQL adopters, it’s important to find a solution that can protect your APIs and identify malicious behavior more tailored to GraphQL APIs.\n\nAliases can be used to batch any query (or mutation) but not both at the same time. In the next post, we will cover another method of query batching that allows mixing these two types together.\n","short_text":"\u003cp\u003eGraphQL isn’t immune to vulnerabilities, it may suffer from them just like any other API technologies such as REST, SOAP, gRPC, or others, but there are some unique and interesting possibilities that open up to hackers when GraphQL is present on the target they are interested in compromising.\u003c/p\u003e\n","createdAt":"2022-09-25T06:07:41.728Z","updatedAt":"2023-09-11T15:31:39.394Z","publishedAt":"2022-09-27T06:11:27.868Z","path":"defeating_controls_with_alias-based_query_batching","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-09-27","keywords":null,"cover":{"data":{"id":253,"attributes":{"name":"Alias_based_Query_Batching.webp","alternativeText":"Alias_based_Query_Batching.webp","caption":"Alias_based_Query_Batching.webp","width":1400,"height":600,"hash":"Alias_based_Query_Batching_c564451f3f","ext":".webp","mime":"image/webp","size":22.33,"url":"/img/strapi/Alias_based_Query_Batching.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.645Z","updatedAt":"2023-09-11T15:31:38.639Z"}}},"related":[]}},{"id":9,"attributes":{"title":"Analysis of public GraphQL vulnerability reports","author":"Shahar Binyamin \u0026 Inigo team","text":"## Overview\nOne way to learn about GraphQL security is by analyzing public information related to vulnerabilities impacting GraphQL components such as GraphQL clients (like Relay) or GraphQL servers (like Apollo, Graphene, Ariadne, and even products like GitLab Enterprise, Magento, etc). We spent a few days examining data from two main sources: The CVE database by MITRE and the HackerOne Hacktivity portal to see what we can learn from analyzing vulnerability data.\n\n![Public GraphQL Vulnerability .png](/uploads/Public_Graph_QL_Vulnerability_78fe425985.png)\n\n## GraphQL Vulnerability Data Analysis - MITRE CVE Database\nThe [MITRE CVE](https://cve.mitre.org/) database is the source of truth for CVEs. Before diving into the dataset, it’s important to highlight a few important things about the database:\n\n1. Not all vulnerabilities are reported.\n2. Not all vulnerabilities receive a CVE identifier.\n3. Some vulnerabilities are reported but never get a CVE identifier assigned.\n\nThe reason this is important to highlight is, while the CVE database is a good data sample, it is not a comprehensive list of vulnerabilities. \n\nGenerally speaking, vulnerabilities get a CVE identifier when either the vendor of the software impacted by the vulnerability or the researcher who found the flaw engages MITRE and files a CVE request. Some software vendors are authorized to issue their own software a CVE identifier, these vendors are acting as a CNA (CVE Numbering Authority) and you can find the list of CNA partners [here](https://www.cve.org/PartnerInformation/ListofPartners), on this list you can find vendors such as GitLab, Adobe, GitHub, and more.\n\nTo get an idea of the GraphQL vulnerability dataset, we used the MITRE CVE database search option, where you can perform a free-text search. Here is what the search-term “GraphQL” brings up:\n\n![Public GraphQL Vulnerability CVE list.png](/uploads/Public_Graph_QL_Vulnerability_CVE_list_a4d1d63633.png)\n\nHaving access to this dataset, a few questions came up:\n\n1. How many vulnerabilities are there with CVEs?\n2. What are the most common vulnerability classes?\n3. When was the first vulnerability tracked?\n4. Which GraphQL component has the most CVEs?\n\n### How many vulnerabilities are there with CVEs?\nThe search yielded a [few dozen](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=graphql) (45) CVEs related to GraphQL components, such as GraphQL servers, GraphQL client libraries, and so on. \n\n### What are the most common GraphQL vulnerability classes?\nAuthorization (54%) and DoS-based (16%) vulnerabilities were the most popular vulnerability classes, as shown in the pie chart below.\n\n![Public GraphQL Vulnerability CVE.png](/uploads/Public_Graph_QL_Vulnerability_CVE_4fb711cdb8.png)\n\n### When was the first vulnerability tracked?\nPurely based on the CVE identifier strings, the oldest entry is from 2019 (CVE-2019-1000011) this is likely not the first ever vulnerability found in software with GraphQL, but it’s the oldest found in MITRE’s database.\n\n### Which GraphQL software has the most CVEs?\nThis data is likely skewed by the popularity of the component itself, and is not indicative of how hardened a component is or is not, but nevertheless it is interesting data to analyze:\n\n![Public GraphQL Vulnerability CVE By Component.png](/uploads/Public_Graph_QL_Vulnerability_CVE_By_Component_6820b932c8.png)\n\n## GraphQL Vulnerability Data Analysis - HackerOne\nThe [HackerOne](https://hackerone.com/) vulnerability database is a great resource to learn about the types of vulnerabilities researchers report on and get credited for. We performed a search against the public reports on HackerOne to see what types of vulnerabilities have been reported so far.\n\nSince 2018, 74 vulnerabilities have been reported to various companies and bounties ranging anywhere from $250 to north of $20,000 were granted. Most vulnerabilities were in the category of Authorization flaws (87%), followed by DoS (7%) and others (5%)\n\n![Public GraphQL Vulnerability Hacker One.png](/uploads/Public_Graph_QL_Vulnerability_Hacker_One_b985cdcb99.png)\n\nSecurity researchers participating in bug bounty programs are often motivated by money, and authorization-related vulnerabilities very often result in data leakages and impact to personal identifiable information (PII) - these vulnerabilities are considered to be the most critical to companies and the reward for finding such vulnerabilities is, as such, very incentivizing - so it comes as no surprise that most ethical hackers will test for authorization flaws before anything else.\n\nOne important fact about Bug Bounty programs is that testing for Denial of Service-based vulnerabilities is more often than not disallowed (and many times their bounties are also comparatively low where it is allowed), this is reflected in the chart by the limited number of reported DoS vulnerabilities.\n\nGraphQL continues to be interesting both from an offensive as well as a defensive standpoint. Inigo’s GraphQL Security and Management solution helps address Authorization, Denial of Service, as well as other classes of vulnerabilities in GraphQL APIs. \n\n## Conclusion\nGraphQL, with its free-form nature, introduces a new paradigm of attack surfaces. Inigo can help to put the proper guardrails in place, whether you are just starting or already have GraphQL in production. Learn more [here](https://inigo.io/demo).\n\n\n","short_text":"\u003cp\u003eWe spent a few days examining data from two main sources: The CVE database by MITRE and the HackerOne Hacktivity portal to see what we can learn from analyzing GraphQL vulnerability data.\u003c/p\u003e\n","createdAt":"2022-09-20T05:00:57.631Z","updatedAt":"2023-09-11T15:32:33.648Z","publishedAt":"2022-09-20T05:31:49.360Z","path":"analysis_of_public_graphql_vulnerability_reports","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-09-20","keywords":null,"cover":{"data":{"id":268,"attributes":{"name":"Public_Graph_QL_Vulnerability_Header.webp","alternativeText":"Public_Graph_QL_Vulnerability_Header.webp","caption":"Public_Graph_QL_Vulnerability_Header.webp","width":1400,"height":600,"hash":"Public_Graph_QL_Vulnerability_Header_08f92f10fb","ext":".webp","mime":"image/webp","size":21.53,"url":"/img/strapi/Public_Graph_QL_Vulnerability_Header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.346Z","updatedAt":"2023-09-11T15:32:32.844Z"}}},"related":[]}},{"id":8,"attributes":{"title":"What makes defending GraphQL APIs challenging to security engineers","author":"Shahar Binyamin \u0026 Inigo team","text":"While GraphQL has been around for at least seven years since the first reference implementation [graphql-js](https://github.com/graphql/graphql-js) was released to the public in July 2015, many security professionals are not yet caught up with it. It’s not enough to know how GraphQL works and how it can be attacked, what also matters a lot is whether security professionals have the necessary tools to identify suspicious queries, exploitation attempts, and solutions to protect against GraphQL-tailored attacks.\n\nWhether you have a Web Application Firewall (Cloudflare, Modsecurity, or other) monitoring your application for security events, or you’ve built an in-house monitoring solution based on standard access logs to detect suspicious behavior in web applications, you have probably developed some dependency on key indicators such as:\n\n- HTTP methods (verbs)\n- HTTP response status codes\n- Sensitive API Routes\n- API parameters\n\nThese indicators are helpful when you want to monitor for specific events, such as:\n\n1. Clients hammering your registration endpoint\n2. Clients attempting to login unsuccessfully multiple times\n3. Clients attempting to perform account enumeration\n4. Clients tampering with parameters of interest\n\nMonitoring for such events in REST APIs is pretty trivial and requires a few things to be in place: it requires the protected application to follow [RFC2616](https://www.rfc-editor.org/rfc/rfc2616.html) when it comes to the returned HTTP status codes so the signals make sense to clients as well as the security engineering team, and it requires the security team to have a pretty good idea (and an inventory) of their APIs.\n\nTraditional monitoring systems use HTTP components for monitoring. Here is an example of a pseudo-monitoring rule that could be beneficial to the security team in particular:\n\n```\nalert if (http.method=GET and response.status_code=403 and http.uri=”/v1/user/\u003cid\u003e/profile”) \n```\n\nThis example rule relies on the HTTP method (GET), a response code (403 Forbidden) and a specific route (/v1/user/id/profile), which will mostly be available in the case of REST APIs, but what about GraphQL?\n\n![Inigo Observeability.png](/uploads/Inigo_Observeability_4a6f09d1de.png)\n\nGraphQL uses a single GraphQL route (/graphql is pretty common). The reason routes don’t matter in GraphQL APIs is because client intentions are all based on the query payload. While it’s true GET and POST are in use in GraphQL APIs, it does not reflect what the client is ultimately trying to do, this is all derived from the query.\n\nGoing back to the case of monitoring APIs for security events, this design of GraphQL renders traditional security monitoring approaches pretty useless. Monitoring rules as shown above will no longer work, and different tools will be required to achieve the objective.\n\nNot only is there an issue with the single route, GraphQL APIs don’t depend on normal HTTP status codes. It’s often the case that a GraphQL API will return a 200 OK to any query, while any errors will be reflected by the response payload coming back from the server using a dedicated **errors** JSON key with the error message relevant to what went wrong.\n\nFor instance, take a look at the example query below that allows a user to fetch their own user details by passing a numerical user ID:\n```\nquery {\n user(id: 1000) {\n email\n name\n address\n }\n}\n```\n\nIf the calling client has authorization to view user ID 1000 and that ID exists, then such query would result in a response such as:\n```\n{\n \"data\": {\n \"user\": [\n {\n \"email\": \"test@example.com\",\n \"name\": \"test user\",\n \"address\": \"123 Hollywood Blvd\",\n }\n ]\n }\n}\n```\n\nIf the calling client does not have the right authorization level, a GraphQL response might look like the following:\n```\n{\n \"errors\": [\n \"message\": “You are not authorized to view this user.”\n ]\n}\n```\n\nIf the user ID does not exist on the system, a GraphQL response might look like the following:\n```\n{\n \"errors\": [\n \"message\": “User with ID 1000 does not exist”\n ]\n}\n```\n\nThe HTTP code to all three conditions could be a consistent 200 OK from the GraphQL server, which is why GraphQL is more challenging to monitor than traditional REST APIs. If your monitoring solutions are based on standard HTTP access logs, be prepared to see a lot of log lines that look like the following:\n\n```\n1.2.3.4 - - [02/Aug/2022:18:27:46 +0000] \"POST /graphql HTTP/1.1\" 200 - \"-\"\n\"curl/7.43.0\" - 539\n1.2.3.4 - - [02/Aug/2022:18:27:46 +0000] \"POST /graphql HTTP/1.1\" 200 - \"-\"\n\"curl/7.43.0\" - 539\n1.2.3.4 - - [02/Aug/2022:18:27:46 +0000] \"POST /graphql HTTP/1.1\" 200 - \"-\"\n\"curl/7.43.0\" - 539\n```\n\nYou can’t do a whole lot with this. For monitoring security events, you will need a view into the query payload, as well as the response payload, and a solution that can contextualize these events for you. To make matters worse, GraphQL allows batching multiple queries into a single HTTP request, therefore allowing threat actors to hide multiple actions in a single HTTP packet:\n\n```\nquery {\n alias1000: user(id: 1000) {\n email\n name\n address\n }\n alias1001: user(id: 1001) {\n email\n name\n address\n }\n alias1002: user(id: 1002) {\n email\n name\n address\n }\n}\n```\n\nWhen such a query is made, you will only see a single incoming HTTP request, despite the fact that 3 queries were made. \n\nIf you thought it stops here, we’ve got some news for you: it is also possible to batch queries using an array against some GraphQL servers that support it, like so:\n\n```\nimport requests\n\nqueries = [\n {\n \"query\":\"query { user(id: 1000) { email name address }}\",\n \"query\":\"query { user(id: 1001) { email name address }}\",\n \"query\":\"query { user(id: 1002) { email name address }}\"\n }\n]\n\nr = requests.post('http://test.inigo.local/graphql', json=queries)\n\nprint(r.json())\n```\n\nInigo can help provide you with an observability layer tailored to GraphQL that handles these cases too.\n\n\n\n\n","short_text":"\u003cp\u003eIt’s not enough to know how GraphQL works and how it can be attacked, what also matters a lot is whether security professionals have the necessary tools to identify suspicious queries, exploitation attempts, and solutions to protect against GraphQL-tailored attacks.\u003c/p\u003e\n","createdAt":"2022-09-12T21:38:26.578Z","updatedAt":"2023-09-11T15:18:03.683Z","publishedAt":"2022-09-12T21:40:05.911Z","path":"what_makes_defending_graphql_apis_is_challenging_to_security_engineers","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-09-12","keywords":null,"cover":{"data":{"id":250,"attributes":{"name":"Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers.webp","alternativeText":"Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers.webp","caption":"Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers.webp","width":1400,"height":600,"hash":"Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers_960ba6a3e4","ext":".webp","mime":"image/webp","size":12.18,"url":"/img/strapi/Defending_Graph_QL_AP_Is_Challenging_to_Security_Engineers.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.565Z","updatedAt":"2023-09-11T15:18:01.858Z"}}},"related":[]}},{"id":7,"attributes":{"title":"How threat actors fingerprint your GraphQL APIs","author":"Shahar Binyamin \u0026 Inigo team","text":"In previous blog posts, we discussed what’s involved in the process of [detecting GraphQL servers](https://inigo.io/blog/how_threat_actors_detect_your_graphql_apis). Threat actors don’t stop there, the identification of a target is only the initial step in the process of achieving the greater goal of compromising a GraphQL API target. \n\nYou’ve identified a GraphQL server, now what? Well, the next step in the process is to learn all you can about the specific server. You may be asking yourself, aren’t all GraphQL servers the same; they just provide an API layer to some application? While this is true, the first thing you should know is that there are **many** GraphQL server implementations, not all of them are mature, and not all of them are well maintained.\n\nLet’s explore some of the GraphQL servers that are out there today. A good source for this is the [https://graphql.org/code](https://graphql.org/code) website, which lists client libraries, servers, tools as well services by the language they were written in. For this post, we’re going to focus only on server implementations. Below chart illustrates the number of GraphQL server implementations available today by language. You can find the detailed table at the bottom of this post.\n\n![GraphQL Servers Breakdown.png](/uploads/Graph_QL_Servers_Breakdown_fd16991ddd.png)\n\nAs you can see, there are many different server implementations. Most notable are PHP (22.8%) Golang (12.3%) JavaScript (10.5%) Java (8.8%) and Python (7%).\n\nWhy is this important? When threat actors target an application or server, they need to gather a few key data points to increase their chances of successfully breaking in:\n\n1. What platform is running?\n2. Is the source code available?\n3. What version is it on?\n4. Are there any known vulnerabilities for it?\n5. Are there any available exploits for the vulnerabilities?\n6. What security features are built into it?\n7. Are there any insecure settings shipped by default?\n\nTo be able to know the answer to these questions, you first need to fingerprint the target. But how do you fingerprint an API? Since GraphQL is just an API layer, you may be asking yourself: how would someone know what GraphQL implementation it is if they should all conform with the specification and return the same predictable response structure? Well, if you craft a careful enough payload that the server does not expect, all it will take is a small and subtle difference in the response to distinguish one server from another. Let’s explore what this looks like.\n\n![GraphQL Server Fingerprint.png](/uploads/Graph_QL_Server_Fingerprint_3a6d01008b.png)\n\nGraphQL supports three operation types: query, mutation and subscription as described in section 2.3 Operations in the [GraphQL specification](https://spec.graphql.org/October2021/#sec-Language.Operations). What would happen if an operation that doesn’t exist is provided, and what would the server respond with? Let’s find out:\n\n```\nqueryyy { # notice the typo\n __typename\n}\n```\n\nUsing curl, we will send this malformed query to an Apollo-based GraphQL server\n\n\n```\n$ curl -s -X POST http://apollo.example.local -H \"Content-Type: application/json\" -d '{\"query\":\"queryyy { __typename }\"}' | jq\n\n{\n \"errors\": [\n {\n \"message\": \"Syntax Error: Unexpected Name \\\"queryyy\\\".\",\n \"extensions\": {\n \"code\": \"GRAPHQL_PARSE_FAILED\"\n }\n }\n ]\n}\n```\n\nSo, we have an errors key with a message of **Syntax Error: Unexpected Name \\\"queryyy\\\"**. Now, let’s do the same against a Graphene-based GraphQL server, a Python-based implementation.\n\n```\n$ curl -s -X POST http://graphene.example.local -H \"Content-Type: application/json\" -d '{\"query\":\"queryyy { __typename }\"}' | jq\n\n{\n \"errors\": [\n {\n \"message\": \"Syntax Error GraphQL (1:1) Unexpected Name \\\"queryyy\\\"\\n\\n1: queryyy { __typename }\\n ^\\n\",\n \"locations\": [\n {\n \"line\": 1,\n \"column\": 1\n }\n ]\n }\n ]\n}\n```\n\nNow we see that the error message is a little different. For example, instead of **Syntax Error** we now get **Syntax Error GraphQL** in the error message. This is an obvious difference that can help us pinpoint the implementation. \n\nTools that perform GraphQL fingerprinting surfaced over the years, such as [Graphw00f](https://github.com/dolevf/graphw00f) that make use of these subtle differences to arm ethical hackers with the necessary knowledge and give them the ability to perform more educated guesses during penetration tests.\n\nWe mentioned earlier that some implementations are more mature than others, and offer protections that others don’t. In future posts, we will cover various vulnerabilities of different implementations. Whether you are using a popular GraphQL server implementation, or completely wrote your own custom implementation, Inigo abstracts your GraphQL API layer and provides security protections so you don’t need to worry about securing your GraphQL server, we do that for you. \n\n## List of GraphQL server implementations available as of this writing\n\n\n| # | Implementation | Language | URL |\n| -- | ------------------------------------ | ---------- | ------------------------------------------------------------- |\n| 1 | graphql-js | JavaScript | https://graphql.org/graphql-js/ |\n| 2 | apollo | JavaScript | https://github.com/apollographql/apollo-server |\n| 3 | graphql-yoga | JavaScript | https://github.com/dotansimha/graphql-yoga |\n| 4 | express-graphql | JavaScript | https://github.com/graphql/express-graphql |\n| 5 | mercurius | JavaScript | https://github.com/mercurius-js/mercurius |\n| 6 | graphql-helix | JavaScript | https://github.com/contra/graphql-helix |\n| 7 | graphql-go | Golang | https://github.com/graphql-go/graphql |\n| 8 | gqlgen | Golang | https://github.com/99designs/gqlgen |\n| 9 | graphql-go (graph-gophers) | Golang | https://github.com/graph-gophers/graphql-go |\n| 10 | thunder | Golang | https://github.com/samsarahq/thunder |\n| 11 | graphql-relay-go | Golang | https://github.com/graphql-go/relay |\n| 12 | jaal | Golang | https://github.com/appointy/jaal |\n| 13 | eggql | Golang | https://github.com/andrewwphillips/eggql |\n| 14 | api-platform | PHP | https://api-platform.com/ |\n| 15 | graphql-php | PHP | https://github.com/webonyx/graphql-php |\n| 16 | WPGraphQL | PHP | https://github.com/wp-graphql/wp-graphql |\n| 17 | Lighthouse | PHP | https://github.com/nuwave/lighthouse |\n| 18 | Siler | PHP | https://github.com/leocavalcante/siler |\n| 19 | GraphQLBundle | PHP | https://github.com/overblog/GraphQLBundle |\n| 20 | GraphQLite | PHP | https://github.com/thecodingmachine/graphqlite |\n| 21 | Ralit | PHP | https://github.com/railt/railt |\n| 22 | graphql-relay-php | PHP | https://github.com/ivome/graphql-relay-php |\n| 23 | GraphQL by PoP | PHP | https://github.com/leoloso/PoP |\n| 24 | GraphQL API for WordPress | PHP | https://github.com/leoloso/PoP |\n| 25 | GraPHPinator | PHP | https://github.com/infinityloop-dev/graphpinator |\n| 26 | serge | PHP | https://github.com/kepawni/serge |\n| 27 | graphql-java | Java | https://github.com/graphql-java/graphql-java |\n| 28 | Domain Graph Service (DGS) Framework | Java | https://github.com/netflix/dgs-framework |\n| 29 | graphql-kotlin | Java | https://github.com/ExpediaGroup/graphql-kotlin |\n| 30 | GraphQL Spring Boot | Java | https://github.com/graphql-java-kickstart/graphql-spring-boot |\n| 31 | KGraphQL | Java | https://github.com/aPureBase/KGraphQL |\n| 32 | graphql-dotnet | C# / .NET | https://github.com/graphql-dotnet/graphql-dotnet |\n| 33 | Hot Chocolate | C# / .NET | https://github.com/ChilliCream/hotchocolate |\n| 34 | NGraphQL | C# / .NET | https://github.com/rivantsov/ngraphql |\n| 35 | Graphene | Python | https://github.com/graphql-python/graphene |\n| 36 | Strawberry | Python | https://github.com/strawberry-graphql/strawberry |\n| 37 | Ariadne | Python | https://github.com/mirumee/ariadne |\n| 38 | Tartiflette | Python | https://github.com/tartiflette/tartiflette |\n| 39 | Graphiti | Swift | https://github.com/GraphQLSwift/Graphiti |\n| 40 | GraphZahl | Swift | https://github.com/nerdsupremacist/GraphZahl |\n| 41 | Juniper | Rust | https://github.com/graphql-rust/juniper |\n| 42 | Async-graphql | Rust | https://github.com/async-graphql/async-graphql |\n| 43 | graphql-ruby | Ruby | https://github.com/rmosolgo/graphql-ruby |\n| 44 | Agoo | Ruby | https://github.com/ohler55/agoo |\n| 45 | Absinthe | Elixir | https://github.com/absinthe-graphql/absinthe |\n| 46 | graphql-elixir | Elixir | https://github.com/graphql-elixir/graphql |\n| 47 | Sangria | Scala | https://github.com/sangria-graphql/sangria |\n| 48 | Caliban | Scala | https://github.com/ghostdogpr/caliban |\n| 49 | Iacinia | Clojure | https://github.com/walmartlabs/lacinia |\n| 50 | graphql-cli | Clojure | https://github.com/tendant/graphql-clj |\n| 51 | alumbra | Clojure | https://github.com/alumbra/alumbra |\n| 52 | Morpheus GraphQL | Haskell | https://github.com/morpheusgraphql/morpheus-graphql |\n| 53 | Mu-Haskell | Haskell | https://github.com/higherkindness/mu-haskell |\n| 54 | ocaml-graphql-server | OCaml | https://github.com/andreas/ocaml-graphql-server |\n| 55 | graphql-erlang | Erlang | https://github.com/jlouis/graphql-erlang |\n| 56 | ghql | R | https://github.com/ropensci/ghql |\n| 57 | gorm-graphql | Groovy | https://github.com/grails/gorm-graphql |\n| 58 | graphql-perl | Perl | https://github.com/graphql-perl/graphql-perl |\n| 59 | graphqld | D | https://github.com/burner/graphqld |\n\n\n","short_text":"\u003cp\u003eYou’ve identified a GraphQL server, now what? Well, the next step in the process is to learn all you can about the specific server.\u003c/p\u003e\n","createdAt":"2022-08-31T06:29:58.570Z","updatedAt":"2023-09-11T15:25:28.846Z","publishedAt":"2022-09-06T14:22:29.333Z","path":"how_threat_actors_fingerprint_your_graphql_apis","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-09-06","keywords":null,"cover":{"data":{"id":271,"attributes":{"name":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","alternativeText":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","caption":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","width":1400,"height":600,"hash":"How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is_e003468998","ext":".webp","mime":"image/webp","size":26.22,"url":"/img/strapi/How_Threat_Actors_Fingerprint_your_Graph_QL_AP_Is.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.383Z","updatedAt":"2023-09-11T15:25:24.976Z"}}},"related":[{"id":27,"url":"how_threat_actors_detect_your_graphql_apis"},{"id":28,"url":"you-dont-need-to-disable-introspection"},{"id":29,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"}]}},{"id":6,"attributes":{"title":"How threat actors detect your GraphQL APIs","author":"Shahar Binyamin \u0026 Inigo team","text":"Threat actors are after your APIs. Whether it’s your data that they’re interested in, or abusing your services for their financial gain. The reasons why threat actors target different organizations can vary, but one of the first steps they take in their hacking methodology is often consistent and predictable - **information gathering** or **reconnaissance**.\n\nWhen hackers gather information on a target application, they do so both passively and actively. Passive information gathering does not involve sending packets to the targeted application - it involves gathering information through other channels that are indirect to the main application or the company operating it as a means to remain stealthy (but not only). For example, passive information gathering can be done by looking up the company’s name on GitHub in hopes of finding public repositories that could give them hints on what technologies are in use, or to find credentials that were hard-coded but forgotten about that they can then reuse.\n\nActive information gathering involves communicating with the application, this requires the threat actors to send some traffic to the application. Imagine you are defending a large-scale application that serves millions of clients. You can appreciate how difficult it becomes to identify anomalous behavior if you don’t know what anomalous traffic could look like. Inigo’s solution not only allows cherry-picking those GraphQL queries that are targeting your application in a riskier way and surface the interesting ones to your security team, but also block and alert on them.\n\n![How Threat Actors Detect your GraphQL APIs.png](/uploads/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_26f3a8ef35.png)\n\n## GraphQL Endpoint Detection\nGraphQL introduces a shift in how clients request their data from applications using its innovative declarative query language. In GraphQL, clients express their intent using a query payload. If you ever used REST APIs, you may recall that in REST, a client’s intention is expressed by the combination of the HTTP method (GET, PUT, POST, DELETE) and the resource path (such as /v1/users). For instance, a GET request to /v1/users would result in fetching the list of all users of a given application.\n\nGraphQL, on the other hand, uses a single endpoint (such as /graphql) and some query to fetch a list of users. Such query could look like the following:\n```\nusers {\n name\n email\n}\n```\n\nSo, how can threat actors discover whether an application is using GraphQL or another API technology? They do so by sending some query (the query does not have to be a valid one) to a list of possible endpoints that GraphQL may exist on, and observing the responses returned by the server.\n\nFor example, this is how a cURL request to a GraphQL endpoint could look like:\n```\n$ curl https://example.inigo.io/graphql -d '{\"query\":\"query { users { name email } }\"}' -H \"Content-Type: application/json\"\n```\n\nA typical GraphQL response is in JSON, and includes data or errors (or both) objects, which give away the fact this is a GraphQL API that responded:\n```\n{\"errors\":[{\"message\":\"Cannot query field \\\"users\\\" on type \\\"Query\\\".\",\"extensions\":{\"code\":\"GRAPHQL_VALIDATION_FAILED\"}}]}\n ```\n\nThis method can then be automated so queries run against multiple endpoints in parallel. Possible endpoints could be:\n- /graphql\n- /query\n- /api\n- /playground\n- /console\n- /graphiql\n\nIf API versioning is in place, you may find GraphQL located in paths such as:\n- /v1/graphql\n- /v2/graphql\n- /v1/query\n- /v2/query\n- /v1/console\n- /v2/console\n\nAs you can see, APIs can be present in different locations. GraphQL servers can also be customized to point to a completely arbitrary location that isn’t on the list above. However, GraphQL API responses are often predictable, as dictated by the official GraphQL specification [Response Format](https://spec.graphql.org/October2021/#sec-Response-Format) section (7.1), allowing actors to identify that GraphQL is the interface which they are interacting with. Here is an excerpt of the response format section:\n\n\u003e A response to a GraphQL request must be a map.\nIf the request raised any errors, the response map must contain an entry with key errors. The value of this entry is described in the “Errors” section. If the request is completed without raising any errors, this entry must not be present.\nIf the request included execution, the response map must contain an entry with key data. The value of this entry is described in the “Data” section. If the request failed before execution, due to a syntax error, missing information, or validation error, this entry must not be present.\nThe response map may also contain an entry with key extensions. This entry, if set, must have a map as its value. This entry is reserved for implementors to extend the protocol however they see fit, and hence there are no additional restrictions on its contents.\n\nThis means that keys such as **data**, **errors** and **extensions** are all keys you may find in a GraphQL response. Armed with this knowledge, threat actors can build this logic into scanning tools to find where your GraphQL APIs live. In a future post, we will explore what threat actors might do after a GraphQL server was found.\n\nWhen threat actors are performing an information gathering activity, they typically try different variations of queries. Some may be valid, some may not. Invalid queries could result in server exceptions. Inigo’s solution provides a layer of protection for your GraphQL APIs, our unique position in your architecture allows us to detect malformed queries against existent and non-existent endpoints and mitigate against such activity. Using our GraphQL Security and Management solution. Reach out to us for more information. \n\n\n","short_text":"\u003cp\u003eThreat actors are after your APIs. Whether it’s your data that they’re interested in, or abusing your services for their financial gain.\u003c/p\u003e\n","createdAt":"2022-08-27T04:50:13.690Z","updatedAt":"2023-09-11T15:25:53.469Z","publishedAt":"2022-08-29T18:30:29.433Z","path":"how_threat_actors_detect_your_graphql_apis","author_twitter":"https://twitter.com/ShacharBinyamin","date":"2022-08-29","keywords":null,"cover":{"data":{"id":255,"attributes":{"name":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","alternativeText":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","caption":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","width":1400,"height":600,"hash":"How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header_423fc2152b","ext":".webp","mime":"image/webp","size":17.79,"url":"/img/strapi/How_Threat_Actors_Detect_your_Graph_QL_AP_Is_Header.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:05.723Z","updatedAt":"2023-09-11T15:25:52.619Z"}}},"related":[{"id":24,"url":"how-secure-is-your-graph-ql-server"},{"id":25,"url":"you-dont-need-to-disable-introspection"},{"id":26,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"}]}},{"id":5,"attributes":{"title":"Inigo is a proud new member of the GraphQL Foundation","author":"Shahar Binyamin","text":"As a technology company fully focused on building the best and most secure GraphQL API experiences for developers, DevOps teams, and security architects, we are incredibly excited by Inigo's growing role in the GraphQL ecosystem. The open source data query language has proven—over and over again and at scale—that teams can confidently escape REST API limitations and build faster and more stable applications. Developers have largely driven the rise of GraphQL within their organizations, as they seek ways to more easily unlock the potential of APIs and harness more powerful developer tools.\n\nToday, Inigo is proud to announce it is the newest member of the prestigious [GraphQL Foundation](https://graphql.org/foundation), the powerful and supportive community dedicated to promoting the widespread adoption of GraphQL and accelerating the development of its surrounding ecosystem. We join a select group of companies, including AWS, Meta, Twitter, Goldman Sachs, and PayPal, invested in the long-term success of GraphQL. Purpose-built to be an easy on-ramp that ensures teams can realize GraphQL’s full potential while hardening security around it, Inigo is closely aligned with the GraphQL Foundation’s goals. \n\nInigo is a platform-agnostic, plug-and-play GraphQL API management platform that is ready to support any of the open source or commercial GraphQL servers available today. By doing so, Inigo evens the playing field wherever support gaps exist within particular GraphQL server options—ensuring that developers and organizations can be successful with the implementations of their choice. Additionally, Inigo provides visibility and analytics to help early adopters quickly master their GraphQL deployments and usage patterns. \n\nDevelopers and DevOps teams also gain the monitoring and observability tools they need to operate and scale GraphQL servers efficiently, and use real-time data to detect and avoid break change incidents. Inigo enhances developer experiences with CI/CD tooling that eliminates challenging custom builds and fixes, empowering developers to focus instead on core tasks. The GraphQL API management platform delivers high-throughput and low-latency that lets developers work faster, along with plug-and-play ease of integration (ready in 20 minutes or less). \n\nFrom a security perspective, Inigo automatically defends GraphQL attack surfaces from the full spectrum of cyberattacks, offering a developer-driven approach to enabling protections against GraphQL vulnerabilities. Inigo empowers security architects by providing declarative configuration and schema-based access control for introspection separation (with field and argument granularity).\n\nThe team at Inigo is excited to bring first-class capabilities to GraphQL users and offer developer-friendly alternatives to existing tooling—and especially now as a member of the GraphQL Foundation. Inigo is currently in beta, and eager to engage with early users to demonstrate how they can use the platform to supercharge their GraphQL visibility, operations, security, and success.","short_text":"\u003cp\u003eInigo is proud to announce it is the newest member of the \u003ca target=\"_blank\" href=\"https://graphql.org/foundation\"\u003eGraphQL Foundation\u003c/a\u003e, the powerful and supportive community dedicated to promoting the widespread adoption of GraphQL and accelerating the development of its surrounding ecosystem.\u003c/p\u003e\n","createdAt":"2022-08-20T02:00:22.130Z","updatedAt":"2023-09-11T15:21:30.130Z","publishedAt":"2022-08-22T18:17:48.208Z","path":"inigo-is-a-proud-new-member-of-the-graphql-foundation","author_twitter":"https://twitter.com/shacharbinyamin","date":"2022-08-19","keywords":null,"cover":{"data":{"id":270,"attributes":{"name":"inigo_joins_graphql_foundation.webp","alternativeText":"inigo_joins_graphql_foundation.webp","caption":"inigo_joins_graphql_foundation.webp","width":1400,"height":600,"hash":"inigo_joins_graphql_foundation_6c9a603df0","ext":".webp","mime":"image/webp","size":21.26,"url":"/img/strapi/inigo_joins_graphql_foundation.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.380Z","updatedAt":"2023-09-11T15:21:29.389Z"}}},"related":[{"id":21,"url":"how-secure-is-your-graph-ql-server"},{"id":23,"url":"you-dont-need-to-disable-introspection"},{"id":22,"url":"all-the-knobs-graphql-security-guardrails"}]}},{"id":4,"attributes":{"title":"All The Knobs - Security guardrails for GraphQL attack surfaces","author":"Shahar Binyamin","text":"So far, we've covered [GraphQL Security Awareness](https://inigo.io/blog/how-secure-is-your-graph-ql-server) and have understood that [No, You Don't Need to Disable Introspection](https://inigo.io/blog/you-dont-need-to-disable-introspection). Now, let's take a look at the different security knobs needed to guardrail a healthy GraphQL request.\n\n## It’s All About DoS\nGraphQL DoS (Denial of Service) attacks target GraphQL parsers, GraphQL resolvers, and the underlying DBs in a single API call. They include batching, nested, heavy and complex, N+1, and circular attacks which can bring your server down and affect server availability.\n\nFortunately, it is possible to protect your server from these attacks with the help of a set of guardrails and GraphQL usage-based rate-limiting.\n\n\n![All the knobs - GraphQL Attack Surfaces.png](/uploads/All_the_knobs_Graph_QL_Attack_Surfaces_f67bc38145.png)\n\n## How to Protect - Inbound\nBelow is a list of security knobs that any GraphQL adopter should implement. Ideally, these configurations are set together with per-role access control to limit attacks.\n\n![All The knobs - GraphQL Security - Inbound.png](/uploads/All_The_knobs_Graph_QL_Security_Inbound_8f9a279d13.png)\n\n#### Limit Directives\nAs one of our favorite security knobs, limit directives help to guard against parser overload attacks.\nOverloading the parser with hundreds of directives can result in the server crashing without the request reaching the resolvers. (Credits: [@unixhopper](https://twitter.com/unixhopper))\n\n![GraphQL Limit Directives for Parser Attack.png](/uploads/Graph_QL_Limit_Directives_for_Parser_Attack_e4ced2233a.png)\n\n#### Limit Depth\nHelps to guard against nested and N+1 attacks that overload resolvers and DB with complexity and loops.\n\n![GraphQL Limit Depth for Nested Attack.png](/uploads/Graph_QL_Limit_Depth_for_Nested_Attack_797afe467d.png)\n\n#### Limit Height\nHelps to guard against alias attacks like overloading DB access for the same field or type.\n\n![GraphQL Limit Height for Alias Attack.png](/uploads/Graph_QL_Limit_Height_for_Alias_Attack_e8e02c300f.png)\n\n#### Limit Root Fields\nHelps to guard against batch attacks like password guessing and OTA bypassing.\n\n![GraphQL Limit Root Fields for Batch Attack.png](/uploads/Graph_QL_Limit_Root_Fields_for_Batch_Attack_995f0888e4.png)\n\n#### Limit Request Size\nOffers fallback protection for complex requests by limiting the size of the request.\n\n#### Force Operation Name [Bonus]\nMake sense of your analytics and telemetry. While the uniqueness of the name can’t be enforced, having a name makes it much easier to gain context of the call and differentiate it from other calls when reviewing API usage.\n\n![Graph_QL Improve visibility and force name@2x.webp](/uploads/raph_QL_Improve_visibility_and_force_name_2x_64fb1739c6.webp)\n\n## How to Protect - Outbound\n#### Demand-based Rate Limiting (aka Usage-based)\nWe found that the most robust way to think about GraphQL Rate Limiting is to look at the server’s consumption and real usage. Counting each query’s returned objects against a timeframe limit (e.g. 1,000 credits per minute).\n\nCredits can be configured in a few ways: \n- Statically Configured - All objects are counted as 1 credit.\n- Manually Configured - Since not all fields are equal, some may take more time to retrieve than others (e.g. computed fields). In this configuration, developers can manually assign different credit weights to different types and fields.\n- Dynamically Configured - Credits are calculated based on the GraphQL tracing and server time to respond.\n\nThis approach works best with granular access control, where heavy-usage roles have a larger allowance as opposed to other roles or even unauthenticated calls.\n\n#### Cost Analysis-based Rate Limiting (aka Predictive-based)\nAlternatively, if you are using GraphQL-JS, there are a few libraries that might help to predict the complexity of a query:\n- [GraphQL Validation Complexity](https://github.com/4Catalyzer/graphql-validation-complexity) (GraphQL-js only)\n- [GraphQL Query Cost Analysis](https://github.com/pa-bru/graphql-cost-analysis) (GraphQL-js only)\n\n#### Limit Response Size\nIf all else fails, limit the size of the response.\n\n## What’s Next\nReady to defend against GraphQL server attacks? Inigo can help! [Schedule a demo now.](https://inigo.io/demo)\n\nInigo offers a platform-agnostic approach to remove barriers and open possibilities for any open-source or commercial GraphQL server.\n\nBe sure to subscribe to our newsletter to get notified of our next posts, where we dive deeper into GraphQL-specific attacks.\n\n\n","short_text":"\u003cp\u003eGraphQL DoS (Denial of Service) attacks target GraphQL parsers, GraphQL resolvers, and the underlying DBs in a single API call.\u003c/p\u003e\n\u003cp\u003eIt is possible to protect your server from GraphQL's attack surfaces with a set of guardrails and GraphQL usage-based rate-limiting.\u003c/p\u003e\n","createdAt":"2022-05-27T20:56:30.111Z","updatedAt":"2023-09-11T15:32:44.728Z","publishedAt":"2022-05-30T03:22:24.721Z","path":"all-the-knobs-graphql-security-guardrails","author_twitter":"https://twitter.com/shacharbinyamin","date":"2022-05-27","keywords":null,"cover":{"data":{"id":267,"attributes":{"name":"All_the_knobs_Graph_QL_Guardrails_Cover.webp","alternativeText":"All_the_knobs_Graph_QL_Guardrails_Cover.webp","caption":"All_the_knobs_Graph_QL_Guardrails_Cover.webp","width":1400,"height":600,"hash":"All_the_knobs_Graph_QL_Guardrails_Cover_abbe8baeed","ext":".webp","mime":"image/webp","size":15.41,"url":"/img/strapi/All_the_knobs_Graph_QL_Guardrails_Cover.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.334Z","updatedAt":"2023-09-11T15:32:44.010Z"}}},"related":[{"id":12,"url":"how-secure-is-your-graph-ql-server"},{"id":13,"url":"you-dont-need-to-disable-introspection"},{"id":14,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"}]}},{"id":3,"attributes":{"title":"No, you don’t need to disable Introspection","author":"Shahar Binyamin","text":"As discussed in our last post, [How Secure is Your GraphQL Server?](https://inigo.io/blog/how-secure-is-your-graph-ql-server), inconsistencies in GraphQL implementations are common among the different GraphQL offerings.\n\nLet’s take a closer look at how granular access control can help protect from weaknesses around schema fetching.\n\n## Schema Fetching\nIntrospection, field suggestions, and field fuzzing play a significant role in equipping abusers with information on their target’s functionality by allowing insecure data mapping and sensitive information disclosure.\n\n### Introspection\nFor many developers, the common practice is to disable Introspection – the first topic you come across when researching methods to secure your GraphQL. As a result, the discoverability nature of the feature will be lost. Those who choose to keep Introspection open are left with an “all-or-nothing” dilemma, exposing sections of the schema to users who don’t have access.\n\n### Field Suggestions\nThe vast majority of GraphQL implementations don’t offer developers control for field suggestions, which allows abusers to quickly map the schema using field fuzzing even when Introspection is disabled. Supplying incorrect fields will trigger GraphQL to disclose fields with similar names.\n\n![Granular Introspection Access Control Response.png](/uploads/Granular_Introspection_Access_Control_Response_e034ffb94b.png)\n\n## How to Protect\nIf you are looking for an approach that can both limit the visibility of the schema and allow your users to explore it, consider role-based granular access control.\n\nInigo allows developers to configure edge-based access control, resulting in a different Introspection experience per role while still maintaining one schema. Based on their role, users will only be exposed to the types and fields they have access to. \n\n### Benefits\n- Limited visibility\n- Reduce users confusion\n- Keep abusers in the dark\n\n### Starwars GraphQL example:\n\n![Granular Introspection Access Control.png](/uploads/Granular_Introspection_Access_Control_fef37268cd.png)\n\nWith Inigo’s granular Introspection access control, field suggestions are disabled while only approved fields are visible via Introspection per role – regardless of the specific GraphQL server implementation. As a result, multiple variations of Schema Fetching are prevented, allowing you to feel more confident in the security of your GraphQL server. \n\n![Field Suggestions With Granular Introspection Access Control](/uploads/Field_Suggestions_With_Granular_Introspection_Access_Control_2dd0ef5fea.png)\n\n## What’s Next\nReady to defend against GraphQL server attacks? Inigo can help! [Schedule a demo now.](https://inigo.io/demo)\n\nInigo offers a platform-agnostic approach to remove barriers and open possibilities for any open-source or commercial GraphQL server.\n\nBe sure to subscribe to our newsletter to get notified of our next posts, where we dive deeper into GraphQL-specific attacks.\n","short_text":"\u003cp\u003eA closer look at how granular access control can help protect from weaknesses around Introspection, field suggestions, and field fuzzing.\u003c/p\u003e\n","createdAt":"2022-05-20T20:35:53.756Z","updatedAt":"2023-09-25T13:56:18.801Z","publishedAt":"2022-05-20T21:02:53.028Z","path":"you-dont-need-to-disable-introspection","author_twitter":"https://twitter.com/shacharbinyamin","date":"2022-05-20","keywords":null,"cover":{"data":{"id":284,"attributes":{"name":"Granular_Introspection_Access_Control.webp","alternativeText":"Granular_Introspection_Access_Control.webp","caption":"Granular_Introspection_Access_Control.webp","width":1400,"height":600,"hash":"Granular_Introspection_Access_Control_a55c3317ef","ext":".webp","mime":"image/webp","size":24.76,"url":"/img/strapi/Granular_Introspection_Access_Control.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:08.759Z","updatedAt":"2023-09-25T13:56:16.478Z"}}},"related":[{"id":18,"url":"how-secure-is-your-graph-ql-server"},{"id":19,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"},{"id":20,"url":"all-the-knobs-graphql-security-guardrails"}]}},{"id":2,"attributes":{"title":"How secure is your GraphQL server?","author":"Shahar Binyamin","text":"Like any new technology, security awareness is often lagging behind adoption. For this reason, GraphQL attack surfaces are bound to unfold for many of its users. These attacks range from Parser Attacks and Resolver Attacks to Data Manipulation and even Data Leaks. \n\nGraphQL attack surfaces are quite unique. An attacker can target one or more surfaces with one API call that would easily pass through any standard API gateway. Here we’ll discuss the implications of an unsecured GraphQL server and who could be at risk, so keep reading to learn more. \n\n## GraphQL Security Awareness\n\nTo get a better understanding of GraphQL security awareness amongst users, we decided to conduct a short survey. Our Reddit GraphQL survey titled ”How Do You Think About GraphQL Security?” had an interesting but not surprising spread of replies.\n\n![GraphQL Security Awareness Survey.png](/uploads/Graph_QL_Security_Awareness_Survey_b8876fbf4d.png)\n\nDuring one-on-one interviews, participants who were already aware of GraphQL’s attack surfaces reported that this knowledge came from a negative experience: their own servers had been compromised. \n\n## Who is Impacted\n\nMost of us.\n\nWhile GraphQL builds are [available](https://graphql.org/code/) in any programming language you could ask for, they are not all built the same nor do they have the same supportive community size or security awareness. Just this week, a circular-fragment attack was demonstrated to crash [Aago](https://github.com/ohler55/agoo)’s Ruby-Server implementation on GitHub and was reported as [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30288). \n\n[Nick Aleks](https://twitter.com/Nick_Aleks) and [Dolev Farhi](https://twitter.com/dftrace) did a fantastic job detecting and documenting vulnerabilities across multiple GraphQL:\n\n![GraphQL servers implementation.png](/uploads/Graph_QL_servers_implementation_859d62f5d0.png)\n\n(Source: [GitHub](https://github.com/nicholasaleks/graphql-threat-matrix))\n\nLarge resource-heavy engineering teams usually end up developing in-house tooling and building blocks to customize and tighten their GraphQL deployments. This approach is not always easy to maintain and is often prone to errors. [HackerOne](https://hackerone.com/hacktivity?querystring=graphql) is another excellent source that further explains how GraphQL attacks impacted different companies. \n\nSo, how secure is your GraphQL server? Unfortunately, it’s not so much a question of if a GraphQL attack will happen to you, but when.\n\n## What’s Next\n\nReady to defend against GraphQL server attacks? Inigo can help! [Schedule a demo now.](https://inigo.io/demo)\n\nInigo offers a platform-agnostic approach to remove barriers and open possibilities for any open-source or commercial GraphQL server.\n\nBe sure to subscribe to our newsletter to get notified of our next posts, where we dive deeper into GraphQL-specific attacks.","short_text":"\u003cp\u003eLike any new technology, security awareness is often lagging behind adoption. For this reason, GraphQL attack surfaces are bound to unfold for many of its users.\u003c/p\u003e\n","createdAt":"2022-05-13T17:33:29.212Z","updatedAt":"2024-04-26T13:27:20.173Z","publishedAt":"2022-05-13T17:33:30.626Z","path":"how-secure-is-your-graph-ql-server","author_twitter":"https://twitter.com/shacharbinyamin","date":"2022-05-13","keywords":null,"cover":{"data":{"id":269,"attributes":{"name":"post_1_1.webp","alternativeText":"post_1_1.webp","caption":"post_1_1.webp","width":1400,"height":600,"hash":"post_1_1_4ae370a113","ext":".webp","mime":"image/webp","size":15.23,"url":"/img/strapi/post_1_1.webp","previewUrl":null,"provider":"local","provider_metadata":null,"createdAt":"2023-02-15T21:18:07.369Z","updatedAt":"2023-09-25T13:56:49.577Z"}}},"related":[{"id":15,"url":"inigo-is-a-proud-new-member-of-the-graphql-foundation"},{"id":16,"url":"you-dont-need-to-disable-introspection"},{"id":17,"url":"all-the-knobs-graphql-security-guardrails"}]}}]},"__N_SSG":true},"page":"/blog","query":{},"buildId":"YOApxyMKoXfbalFz9PQVs","isFallback":false,"dynamicIds":[2352,1333],"gsp":true,"appGip":true,"scriptLoader":[]}</script></body></html>