Engineering Newsletter Issue #13 – Federated GraphQL

Struggling to scale your monolithic app? Explore Federated GraphQL for building scalable & maintainable GraphQL APIs. Learn more about Netflix & NextAuth.js.

Aobakwe Kodisang
April 12, 2024
Blog cover image

<1/> Federated GraphQL

Scaling monolith applications can become a headache for teams. As the codebase grows, it becomes almost tedious to onboard new developers, at times small changes can break parts of the application. The question then is how do we design enterprise applications with all these future problems in mind? Well, when making architectural decisions, we need to account for the fact that our codebase could grow, maybe our API surface could grow, new application features could be introduced, and often we default to microservices as our solution.

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally.

Federation is the way of combining your GraphQL APIs into a single supergraph, it is Apollo‘s answer for developing GraphQL servers in a microservices architecture. Having a single graph is a way of staying true to Principled GraphQL, stating that to get the best out of GraphQL we need to access data and services from a single query. There is not that much difference in implementation between a normal single graph API and a federated sub-graphed API, in federated the client interacts with the router, and the router is smart enough to know which requests need which subgraph.

In a federated architecture, your individual GraphQL APIs are called subgraphs, and they’re composed into a supergraph. By querying your supergraph, clients can query all of your subgraphs at the same time

Well, as your application grows, in the codebase, users, and features, you might need to scale the team also, now as the team grows, that does not necessarily mean that development time decreases, however, we need to ensure that development time decreases or stays the same. Federation, encourages a design principle called separation of concerns, meaning we could break down our team into sub-teams, working on specific products and features in this single unified graph, each team owns its subgraph, and as new members join, there is less scope to cover when onboarding developers.

<2/>Deeper Dives

Netflix TechBlogNetflix Technology BlogLearn how Netflix uses GraphQL federation for its API architecture, offering a unified, curated API powered by decoupled back-end services.How Netflix Scales its API with GraphQL Federation (Part 1)

Netflix TechBlogNetflix Technology BlogLearn what’s needed to migrate to and run a federated GraphQL API platform successfully.How Netflix Scales its API with GraphQL Federation (Part 2)

Today, we’re excited to unveil our next-generation GraphQL Federation runtime: the Apollo Router. The Apollo Router is written in Rust, and it is fast. Early benchmarks show that the Router adds less than 10ms of latency to each operation, and it can process 8x the load of the JavaScript Apollo Gate...Apollo Router: our GraphQL Federation runtime in Rust

<3/>The Weekly Dev

Photo by Markus Spiske

Photo by Markus Spiske

NextAuth is an authentication solution for NextJS applications. Instead of taking a lot of development time trying to perfect authentication, you could just rely on NextAuth to lift the weight for you. The code that is on the front page is almost all you need to get your authentication up and running. Out of the box, it supports a wide pool of authentication providers, which are services that can be used to sign in the user. With NextAuth there are four ways to sign in your users, a built-in OAuth Provider, a custom OAuth Provider, email, and credentials. It is not opinionated about what database you should use, and can also be configured without a database. Another concept that comes with NextAuth is adapters, these are what connect your application to the database that you are using, and because you can set up your application without a database, adapters are optional.
That is it, no more authentication headaches!

A critical authentication bypass flaw in an NPM package could allow a malicious actor to take over a victim’s email account.

Do not worry; that has been patched at the time of writing this. This flaw was related to applications that were using EmailProvider in versions before either v4.10.3 or v3.29.10
You can go through setting up authentication for your application with these guides:

NextAuth.jsIntroduction | NextAuth.jsAbout NextAuth.js

<4/>Inside the console

Security breaches are happening by the day and having monitoring tools that can provide insight into how or what causes a breach is important.

AWS CloudTrail helps us monitor user activity across our infrastructure, not only is the monitoring at the application level, but events in the AWS console are also monitored and logged, on the paid version you get access to AWS Cloudtrail Insights. Insights are events that Cloudtrail detects unusual activity.AWS Cloudtrail is enabled by default and is always on.

Check out a list of features and pricing in the service

<5/>Geeking it up

A tool for writing glamorous shell scripts.

PocketBase is an open-source backend consisting of an embedded database (SQLite) with real-time subscriptions, built-in user management, convenient dashboard UI, and simple REST-ish API.

Bun is a new JavaScript runtime with a native bundler, transpiler, task runner, and npm client built-in.

‍Building Scalable and Maintainable Applications with

As you've seen, Federated GraphQL offers a powerful approach to building scalable and maintainable applications. However, implementing and integrating new architectures can be complex. This is where a dedicated software development partner like can be invaluable.

If you're looking to build a scalable and maintainable application using Federated GraphQL or any other innovative technology, is the ideal partner for you. Contact us today to discuss your project and see how we can help you bring your vision to life.

As seen on FOX, Digital journal, NCN, Market Watch, Bezinga and more

Scale your development team
faster with

Get in touch and let's get started
Book a Demo