
Techniques to Protect Your GraphQL API

First presented at GraphQLConf 2024 in San Francisco.

Resources:

Read the article rather than the slides!

The article includes more details on each of the various validation rules and so on that I mentioned in the talk. Rather than referencing the slides, reading the article will likely confer more benefit.

Trusted documents: if you can, you should!

Permission to reproduce business card

I, Benjie, am the original author of this business card, and its copyright remains with me. Permission is hereby granted for anyone viewing the above business_card.png file to print as many copies of the business card as they like and distribute them to attendees of GraphQL-related events and so on. Permission is only granted to be printed verbatim: no attribution, web addresses, etc. may be printed on the cards or their reverse (though you can handwrite whatever you want on the backs; this must be done by hand). Please respect the intent of the card: everyone who can use Trusted Documents should use Trusted Documents, and it should not matter what software or vendor solutions they are using to do so.