Scrums.com logomark
SovTech is now Scrums.com! Same company, new name.
Read more here

Issue #13 – Federated GraphQL

Issue #13 – Federated GraphQL

Ofentse Mokgosi
February 22, 2023
Blog cover image

Issue #13 – Federated GraphQL

<1/> Federated GraphQL

Scaling monolith applications can become a headache for teams. As the codebase grows, it becomes almost tedious to onboard new developers, at times small changes can break parts of the application. The question then is how do we design enterprise applications with all these future problems in mind? Well, when making architectural decisions, we need to account for the fact that our codebase could grow, maybe our API surface grows, new application features could be introduced, often we default to microservices as our solution.

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally.

Federation is way of combining your GraphQL APIs into a single supergraph, it is Apollo‘s answer for developing GraphQL servers in a microservices architecture. Having a single graph is a way of staying true to Principled GraphQL, stating that to get the best out of GraphQL we need to access data and services from a single query. There is not that much difference in implementation between a normal single graph API and a federated subgraphed API, in federated the client interacts with the router, and the router is smart enough to know which requests need which subgraph.

In a federated architecture, your individual GraphQL APIs are called subgraphs, and they’re composed into a supergraph. By querying your supergraph, clients can query all of your subgraphs at the same time

Well, as your application grows, in the codebase, users, and features, you might need to scale the team also, now as the team grows, that does not necessarily mean that development time decreases, however, we need to ensure that development time decrease or stays the same. Federation, encourages a design principle called separation of concerns, meaning we could break down our team into sub-teams, working on specific products and features in this single unified graph, each team owns their subgraph, and as new members join, there is less scope to cover when onboarding developers.

<2/>Deeper Dives

Netflix TechBlogNetflix Technology BlogLearn how Netflix uses GraphQL federation for its API architecture, offering a unified, curated API powered by decoupled back-end services.How Netflix Scales its API with GraphQL Federation (Part 1)
Netflix TechBlogNetflix Technology BlogLearn what’s needed to migrate to and run a federated GraphQL API platform successfully.How Netflix Scales its API with GraphQL Federation (Part 2)
Apollo GraphQL BlogJesse RosenbergerEngineering ManagerToday, we’re excited to unveil our next-generation GraphQL Federation runtime: the Apollo Router. The Apollo Router is written in Rust, and it is fast. Early benchmarks show that the Router adds less than 10ms of latency to each operation, and it can process 8x the load of the JavaScript Apollo Gate…Apollo Router: our GraphQL Federation runtime in Rust

<3/>The Weekly Dev

Photo by Markus Spiske
Photo by Markus Spiske

NextAuth is an authentication solution for NextJS applications. Instead of taking a lot of development time trying to perfect authentication, you could just rely on NextAuth to lift the weight for you. The code that is on the front page is almost all you need to get your authentication up and running. Out of the box, it supports a wide pool of authentication providers, providers are services that can be used to sign in the user. With NextAuth there are four ways to sign in your users, a built-in OAuth Provider, a custom OAuth Provider, email, and credentials. It is not opinionated about what database you should use, can also be configured without a database. Another concept that comes with NextAuth is adapters, these are what connect your application to the database that you are using, and because you can set up your application without a database, adapters are optional.
That is it, no more authentication headaches!

A critical authentication bypass flaw in an NPM package could allow a malicious actor to take over a victim’s email account.

Do not worry that has been patched at the time of writing this. This flaw was related for applications that were using EmailProvider in versions before either v4.10.3 or v3.29.10
You can go through setting up authentication for your application with these guides:

NextAuth.jsIntroduction | NextAuth.jsAbout NextAuth.js

<4/>Inside the console

Security breaches are happening by the day and having monitoring tools that can provide insight into how or what cause a breach is important.

AWS CloudTrail helps us monitor user activity across our infrastructure, not only is the monitoring at application level, but events in the AWS console are also monitored and logged, on the paid version you get access to AWS Cloudtrail Insights. Insights are events that Cloudtrail detects unusual activity.AWS Cloudtrail is enabled by default and is always on.

Checkout a list of features and pricing in the service

<5/>Geeking it up

Gum
A tool for writing glamorous shell scripts.

Pocketbase
PocketBase is an open source backend consisting of embedded database (SQLite) with realtime subscriptions, built-in users management, convenient dashboard UI and simple REST-ish API.

Bun
Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in.

As seen on FOX, Digital journal, NCN, Market Watch, Bezinga and more
Scale Your Development Team
Faster With Scrums.com
Get in touch and let's get started
Book a Demo
Tick
Cost-effective
Tick
Reliable
Tick
Scalable