A new release of Stargate.io was applied to Astra DB that includes an exciting new feature: aggregate functions! If you’re not familiar with aggregate functions, they are functions that look at the data as a whole and perform a function like min(), max(), sum(), count() and avg().
Until now, aggregate functions were only available using cqlsh (the CQL Shell). However, with the Stargate 1.0.25 release they are now also available using the GraphQL API. In this blog entry, I’ll walk you through the process to get early access to this exciting new functionality in Stargate, and how to setup everything you need to test your own aggregate queries.
As an alternative to REST, GraphQL is quickly gaining popularity as a tool for building APIs and fetching declarative data. This Refcard introduces GraphQL concepts such as core design principles, schemas and types, fields, arguments, and lastly, how to secure your GraphQL APIs.
Introduction
If you’ve been building with GraphQL, you likely know how essential good schema design is. As the entry-point to all your GraphQL operations, it’s desirable to design a schema that’s easy to understand and work with, serves the needs of our clients today, and can be changed to fit their needs tomorrow.
This article teaches about the supergraph, platform thinking, and why it’s key to designing your graph for extensibility. We also discuss considerations that make federated schema design different from the monolithic approach. Finally, we cover the macro-level principles that help us design extensible and maintainable federated graphs.
This week, we have details of compromised Google Cloud accounts being used to mine cryptocurrency (mainly with weak or no passwords on API connections), there’s an article on how GraphQL can be used as an API gateway (including security controls), a very comprehensive guide to all things relating to API security, and a new API security training course from AppSecEngineer.
Vulnerability: Compromised Google Cloud Accounts Used to Mine Cryptocurrency
The main story this week comes from HackerNews and describes how attackers are able to exploit improperly secured Google Cloud Platform (GCP) tenants. The impact on affected users included compromising their cloud resources, like uploading cryptocurrency mining software, and ransomware and phishing attacks.
A modern GraphQL API layer for cloud-native applications needs to possess two characteristics: horizontal scalability and high availability.
Horizontal scalability adds more machines to your API infrastructure, whereas vertical scalability adds more CPUs, RAM, and other resources to an existing machine that runs the API layer. While vertical scalability works to a certain extent, the horizontally scalable API layer can scale beyond the capacity of a single machine.
In case you are completely new to GraphQL, I will recommend you to start with our Introduction to GraphQL or GraphQL Core Concepts
A schema is the core component of a GraphQL application. It defines the capabilities of the GraphQL application. To elaborate further, a GraphQL schema is like a description of the data available from your application. It also defines the various queries and mutations that clients can use to interact with the server. In a way, the schema is the heart of a GraphQL application.
GraphQL is a remarkable tool to build APIs. However, it is quite different from REST. This can make it difficult for developers who have been accustomed to working with REST. There are some core concepts of GraphQL that are important to understand how GraphQL actually works.
We will be covering those core concepts in this post. However, if you are completely new to GraphQL, you should start with our Introduction to GraphQL and then, return to this post.
As an API strategy store project manager who is responsible for the API program, you have to look at both of these two sides and find the balance. It’s really hard to say what the correct balance is because it totally depends on the current landscape, on the business models, as well as on the technology maturity that you have. So you have to analyze it, and then look at the maturity model, and have a proper way of increasing or improving the business models as well as improving your technology stack.
What I’m going to do in this article is walk you through the concept of quantum duality of API as a business and API as a technology because a lot of organizations are focusing on API programs, but they are looking at only one aspect of this problem: either the business side or the technology side. However, we need to have a balance. This is where I’m going to discuss and share some of my experience working with different types of enterprises around the globe. The first thing we’ll talk about is the federation and business models around APIs, and then we will move on to how this polyglot and heterogeneous nature affects API development. From the technology side, it will be how you can move to the cloud and leverage cloud-native technologies and how you can modernize the development. All of these four pieces are tied together for a successful API program, so I’m going to discuss these concepts.
You're bound to have heard the term GraphQL. Unless you live under a rock. I doubt that though. GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data.
This tutorial will show you a step-by-step guide on how to use a GraphQL API to build Postgres metrics dashboards.
Chat notifications in Slack. Your Uber driver’s current position. Gone are the days where an app simply presented static data or invoked the occasional API; today’s users expect applications to be fully responsive—not just in terms of UI, but in terms of data too.
This shift in how data is used by applications is universal, but introducing live data to existing applications is not a trivial task. As developers tackle these new requirements, they’ll quickly encounter several realizations:
Introduction
I have been working around databases for about four decades (that does date me!). From the early days of System R and Ingres, through the commercial engines of DB2 and Oracle, the open sources of MySQL and Postgres, to the current generations of NoSQLs like MongoDB and Cassandra and scalable SQL like CockroachDB and Yugabyte, anyone who has predicted the demise of databases has proven to be wrong. SQL as the query language has persisted, evolved, and improved, but the basic select * from foo where x = 1 group by y is the language known to hundreds of thousands of developers. Why is that? Because databases just work, and how can you say that about too many things?
As a frontend developer, you want to see data in logical business constructs. Say a customer has one or more addresses, then your React application would love to see data like this:
SOA vs Microservices
Should you happen to be researching "Service-Oriented Architecture" (SOA) on the Internet today, the latest articles you are likely to find will typically be titled: "SOA vs microservices". Complicating the battle somewhat is that you will also find respected industry experts, such as Martin Fowler, stating that some “consider microservices to be one form of SOA, perhaps service orientation done right”.
Martin goes on to declare: “The problem…is that SOA means too many different things and that most of the time we come across something called 'SOA' [there is]…a focus on ESBs (Enterprise Service Buses) used to integrate monolithic applications. This common manifestation of SOA has led some microservice advocates to reject the SOA label entirely”. As such, for the remainder of this article, I will assume the use of ESB middleware as a fundamental characteristic of SOA landscapes, as well as representing the most fundamental distinction there is between SOA and REST.
Before OOP languages, the programmer would control how the program is executed and that would be from the app’s main routine. In modern programming, that control is delegated to the external non-main loops, and the main routine becomes an event-loop that waits for events to occur and then executes it with the relevant event handler.
This new model of programming (it has been around since the 70s though) is called event-driven programming.
Frontend developers want to build awesome experiences. Yet they need data from the backends and perform actions against backends. The answer to their problem is APIs. Who builds those APIs? Are they built quickly or are the frontend developers left waiting? Who runs and manages the APIs? After all, the backends do not behave in uniform ways — they speak different languages, emit differently shaped data, have varying authentication requirements, and so on. So running and managing the frontend APIs is not a task to be taken lightly.
![Can You Get the Data you Need for User Experiences?]()
Here are some considerations as you think through the APIs that are the gearbox between the frontend and backends.
Hasura GraphQL Engine launched as an open-source product in July 2018. Since then, Hasura has been downloaded over 200M times and has become the fastest-growing open-source GraphQL project globally.
Hasura accelerates API development by 10x by giving you GraphQL or REST APIs with built-in authorization on your data, instantly. In this blog post, we’re going to look at how Hasura works, what we thought about when building Hasura, and the problems we were trying to solve.
GraphQL Revisited
![GraphQL Logo]()
Key Takeaways
- GraphQL is an open-source data query and modification language for APIs leveraged by several prominent tech shops such as Facebook (original creator), Github, Pinterest, Intuit, Coursera, Paypal, Yelp, and Shopify to name a few. It has gotten a lot of positive attention from the engineering community and supporters have termed it as 'Better REST,' asserting a range of benefits over traditional REST.
- With all the buzz around GraphQL, do developers need to make an active shift towards it and deprecate REST endpoints completely? It depends on many factors, which are discussed in this article. While GraphQL is an extremely powerful and flexible API strategy, it is not a silver bullet for all your data CRUD needs. You should evaluate your application needs and developer skills to make the right call (by using a skills assessment like this one: https://pluralsight.pxf.io/doLnDj).
- GraphQL adoption (switching from REST) usually requires a major rewrite of the API and Client layer for your application. While there are material benefits to make the switch, depending on the size and complexity of your app, this can be a massive undertaking in terms of time and resources. There is also a learning curve with GraphQL and its best practices which should be taken into account before taking the leap.
- At the same time, GraphQL can remarkably simplify/optimize your data access and modification needs for both client and server-side engineers, regardless of the languages or environment you’re in. If you’re writing an app from scratch and/or not afraid to try something new, GraphQL presents itself as a great option with many compelling reasons to use it. It can vastly improve the performance of your app and developer experience.
- If you decide to leverage GraphQL, don't rush on your graph schema design. Measure twice and cut once. Mapping a good GraphQL schema is a non-trivial task. So take your time and try to get it right the first time around; it will save you from a lot of inconvenience down the line.
- GraphQL is seeing increased adoption in the Blockchain and Cryptocurrency space. Due to the distributed nature of blockchains, querying on-chain data is a hard problem and it is being simplified using GraphQL. With Graph APIs, viewing data across different crypto exchanges, markets, assets, and on-chain data can all be done in a single query.
Introduction
GraphQL is a data-query language created by Facebook that went open source in 2015. It provides a completely understandable description of the data in the API and enables clients to function in a declarative style to fetch exactly what they need — nothing less, nothing more. In this article, we will summarize how it works, why you should use it, what are some of its drawbacks and how it is increasingly being adopted in the Crypto space.
Prismatic is an integration platform used by B2B software companies to build reusable integration workflows and deploy customer-specific instances that handle each customer's unique configuration and credentials.
When we set out to create Prismatic, it was clear that we needed an API for our web app and CLI to use. Additionally, we wanted our developer users to be able to hit our API programmatically so they could manage customers and integrations as they saw fit. This presented a problem: different developers would naturally have different needs and use cases. It didn't make sense to craft a series of custom RESTful endpoints for each individual's needs. GraphQL was growing in popularity (for good reason!) and was an appropriate choice for us given our needs.
It is a really great time to be a developer.
We have tons of APIs integrated within great tools for building dynamic, full stack apps. If you are a developer, you probably are using technologies like schemaless data stores, serverless architectures, JSON APIs, and/or the GraphQL language.
Here are some considerations as you think through the APIs that are the gearbox between the frontend and backends.