Seven key insights on GraphQL trends - IBMwww.ibm.com › think › insights › seven-key-insights-on-graphql-trends

Similar to other API specifications, GraphQL should be paired with API management software to get the most benefits. GraphQL is often implemented as a gateway or middleware for different data sources, which means that the API performance and security depend on these downstream sources. To optimize GraphQL API performance, you should make use of a query cost analysis to implement rate limiting based on the connected data sources. Presentations at GraphQLConf discussed how observability and rate limiting play important roles in API management for GraphQL. ## 3. GraphQL security Security for GraphQL APIs is becoming even more critical now that enterprises have started running GraphQL at scale. As the structure of GraphQL is different from other API specifications, it has its own needs in terms of security. During the conference, GraphQL-specific vulnerabilities like complexity issues and schema leaks were highlighted. Of course, security threats that apply to standard API specifications—such as injections and server errors—also apply to GraphQL APIs and can often be mitigated by API management solutions.