Securing GraphQL API
Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST.
GraphQL is a query layer with its own built-in query language for accessing object-oriented data. Requests are JSON-encoded HTTP requests that carry a custom query in the body. Unlike REST, none of the request data lives in the URL.
These differences between traditional REST APIs and GraphQL APIs create challenges for security. Legacy web application firewalls (WAFs), which rely on features such as data in the URL to identify potential threats, cannot detect or block attacks against GraphQL APIs, because the request content they need to inspect is in the body rather than the URL.
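The two paragraphs above make one point: a GraphQL request carries everything in the JSON body, so an inspector that only looks at the URL sees nothing. The following Python is an added example (not code from the original page, and not any WAF vendor's logic) that puts the same "fetch user 42" operation side by side as a REST request and as a GraphQL request, shows what a URL-only rule sees for each, and then does the body-aware inspection a GraphQL-capable control has to do instead: unwrap the JSON envelope, identify the operation type, and summarise the requested fields and nesting depth. Both requests are constructed samples; the `HttpRequest` type, the tokenizer and the depth summary are assumptions of this example, not part of any standard.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class HttpRequest:
    """Minimal request model (assumption of this example): method, path+query, body."""
    method: str
    path: str
    body: str = ""


# Constructed sample requests (not captured traffic): the same "get user 42"
# operation expressed once as REST and once as GraphQL.
REST_REQUEST = HttpRequest("GET", "/api/users/42?fields=name,email")

GRAPHQL_REQUEST = HttpRequest(
    "POST",
    "/graphql",
    json.dumps({
        "query": "query GetUser { user(id: 42) { name email posts { title comments { body } } } }",
        "variables": {},
    }),
)


def url_inspector(req: HttpRequest) -> dict:
    """The URL-only view a legacy WAF rule works from: path and query string.
    For a GraphQL request this view is empty of any application data."""
    path, _, query_string = req.path.partition("?")
    return {"path": path, "query_string": query_string}


@dataclass
class GraphQLSummary:
    operation: str      # "query", "mutation" or "subscription"
    fields: list        # selected field names, in document order
    max_depth: int      # deepest nesting of selection sets


_FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Tokens: braces, parens, string literals, identifiers, and any other run of
# non-space characters (numbers, punctuation such as ':' or '$').
_TOKEN_RE = re.compile(r'\{|\}|\(|\)|"[^"]*"|[A-Za-z_][A-Za-z0-9_]*|[^\s{}()"]+')


def inspect_graphql_body(body: str) -> Optional[GraphQLSummary]:
    """Body-aware view: parse the JSON envelope, pull out the GraphQL document
    and summarise it. Returns None when the body is not a GraphQL request."""
    try:
        envelope = json.loads(body)
    except (json.JSONDecodeError, TypeError):
        return None
    if not isinstance(envelope, dict) or not isinstance(envelope.get("query"), str):
        return None
    doc = envelope["query"]

    # Operation type is the leading keyword; the shorthand "{ ... }" is a query.
    stripped = doc.lstrip()
    operation = "query"
    for keyword in ("mutation", "subscription", "query"):
        if stripped.startswith(keyword):
            operation = keyword
            break

    start = doc.find("{")
    if start < 0:
        return None

    # Walk the selection sets: identifiers outside argument lists are fields,
    # brace depth gives the nesting of the request.
    brace = paren = max_depth = 0
    fields = []
    for tok in _TOKEN_RE.findall(doc[start:]):
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren -= 1
        elif tok == "{":
            brace += 1
            max_depth = max(max_depth, brace)
        elif tok == "}":
            brace -= 1
        elif paren == 0 and brace >= 1 and _FIELD_RE.fullmatch(tok):
            fields.append(tok)
    return GraphQLSummary(operation, fields, max_depth)


def inspect(req: HttpRequest) -> dict:
    """Combine both views so the gap between them is visible for one request."""
    return {"url_view": url_inspector(req), "graphql": inspect_graphql_body(req.body)}


if __name__ == "__main__":
    for name, req in (("REST", REST_REQUEST), ("GraphQL", GRAPHQL_REQUEST)):
        print(name, inspect(req))
```

For the REST request the URL view already exposes the resource id and the selected fields, which is what URL-based rules were designed around. For the GraphQL request the URL view is just `/graphql` with an empty query string, and only the body-aware inspector recovers that it is a `query` selecting seven fields nested four levels deep. That summary is the input a GraphQL-aware control would reason over; the example stops at producing it.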