GraphQL London #15 hosted at Microsoft Reactor


Details
Hi everyone! 😃
Yay! Time flies and we are already back! Same as last time, Microsoft Reactor will be hosting us and sharing their amazing venue!
Our first speaker, Guillaume Scheibel from Apollo GraphQL will discuss two strategies for splitting up a large GraphQL API into smaller pieces: schema stitching and schema federation! ✨🦄
This is not déjà vu: Guillaume had to cancel at the last meetup, but he is trying for a second time.
=== Talks and Speakers
• Schema composition: when independence meet cohesion (by Guillaume Scheibel)
Guillaume is a developer at Apollo GraphQL. He previously worked for Expedia Group, and co-founded the ElsassJUG JUG (Strasbourg). He contributes to two open source projects (Hibernate OGM and Infinispan).
When you start a new GraphQL API for clients, they are happy to have some choice about what data they want. As the schema grows and more features are added, you need to access other systems like databases or streams. Suddenly you realise that your API is becoming too big and complex to manage. Do you split it into smaller APIs? If so, your clients will have to integrate with each of them separately—which can be confusing and error-prone. During this talk, we are going to talk about 2 types of composition: schema stitching and schema federation.
• Schema-first GraphQL in Python: Ariadne’s story (by Rafał Pitoń)
Rafał is a full-stack developer at Mirumee, a Polish software house known for creating Saleor—a very successful e-commerce product. He is co-creator of Ariadne, a Python framework for building GraphQL servers, and creator of Misago—Python-based forum software written with React.
In 2018, Mirumee released Ariadne to the world. We've learned quite a bit about how people are building their GraphQL APIs since then. In this talk, Rafał will walk through how user expectations and Python have shaped Ariadne over the years.
• GraphQL Critical Security Vulnerabilities (by Tristan Kalos)
Tristan is co-founder and CEO at Escape, which recently joined the GraphQL Foundation. He has spent the last two years exploring the security implications of GraphQL and released GraphQL.Security, the first online and free security checker for GraphQL.
Best practices for securing GraphQL APIs are not widespread. At Escape, we audited hundreds of endpoints and commonly found critical vulnerabilities. In this talk, Tristan will present 3 critical vulnerabilities the Escape team faced recently, how they happened, and how to fix them:
- A Google Cloud token leak in a Banking app that uses GraphQL as a proxy for REST
- A hashed password leak in a Software Development Platform that generates its GraphQL Schema from its database
- A critical Denial of Service in an E-commerce platform relying on GraphQL for file uploads
=== Sponsors
- Snacks and soft drinks provided by Microsoft Reactor
- Venue and talks recording provided by Microsoft Reactor
=== Previous talks (12 recordings)
- Watch previous talks and stay up to date by subscribing at:
https://www.youtube.com/c/GraphQLTalks?sub_confirmation=1
=== Want to speak at our event?
- Send your talk proposals to www.papercall.io/graphql-london
We are very excited about this event! Don't miss this chance to catch up on GraphQL and register before it's SOLD OUT!
Doors will open at 5:30pm to start at 6pm sharp.
Sounds good? See you there!
GraphQL London.
