GraphQLConf 2023 Highlights

In September we had the opportunity to attend GraphQLConf 2023 in San Francisco to participate in a few workshops and the two conference days.

The 2023 edition of GraphQLConf turned out to be an excellent event with many community members, all the thought-leaders, companies and many GraphQL power-users present to learn and collaborate together.‍

GraphQLConf – is the only official GraphQL conference produced by the GraphQL Foundation that brings together the global community of GraphQL developers, leaders and innovators to further the education, adoption and advancement of GraphQL implementations in the industry.

At Hubql, we are also a proud community partner as the co-organizer of the GraphQL Bangkok Meetup.‍‍

GraphQLConf 2023 - A vendor-neutral conference

This year’s GraphQLConf has been the first conference organized by the GraphQL Foundation (part of Linux Foundation) ensuring a vendor-neutral conference and the backing of the community.

From GraphQLConf website:

In the 3 days of workshops, keynotes and talks from the ecosystems, GraphQLConf aims to be the forum where we bring the community together to share and learn about what’s working and where we need to innovate & collaborate to help business succeed with GraphQL.

The venue at Hyatt Regency SFO Airport was well-selected with delicious food and lots of space for attendees, 3 talk tracks and large networking/sponsorship area.‍

Our highlights

Out of the many amazing talks during the event we have picked a few talks that impressed us the most on conference day.

There were 3 tracks at the conference but there are recordings available online to catch up on all the other talks as well (we likely missed some other highlights).

‍

Mutating Meetup with GraphQL - Annyce Davis, Meetup

Annyce gave an excellent talk on Meetup’s journey adopting and improving their GraphQL implementation.

This has been an insightful talk giving an example of real-world usage and challenges they had using GraphQL in a team.

Real-world use cases like these help a lot to reflect and motivate to overcome your own challenges in your team and company.

Meetup’s journey adopting GraphQL was challenging to integrate with their legacy systems and get to a point of performance optimization adopting their architecture to remove unnecessary layers, improve caching and collaboration/education for the team.

The talk had a lot of nice visuals and ideas to help your team to adopt GraphQL better.‍

‍

Dataloader 3.0 - An Alternative Algorithm to Solve N+1 Problems - Jens Neuse, WunderGraph

Jens during the game: "Will it compose?"

Jens did one of the closing talks which turned out to be not only encouraging but was also really fun to follow.

The talk started off with a fun game to decide whether a schema composes or not for federated graphs. Everyone in the room got to learn more about federated schemas together.

As a main theme of the topic Jens, a natural speaker, shared their approach on optimizing the data loader pattern which enabled Wundergraph to gain a lot performance with their implementation compared to current approach solving N+1 problem.

The talk feature a lot great graphics how resolution can be improved comparing current process to their new process (using breadth-first rather than depth-first) plus a comparison.

The visualizations helped to understand their approach really well plus learning more about GraphQL internals in lifecycle of requests.

‍

GraphQL Security Vulnerabilities in the Wild - Antoine Carossio & Tristan Kalos, Escape

Escape team sharing security insights

The team of Escape shared insights to GraphQL vulnerabilities in the wild by scanning hundreds of GraphQL API available.

They have found a lot of security vulnerabilities in the various APIs available with different severity and concerning implications.

The talk had a great introduction to GraphQL security and what to consider when building GraphQL APIs such as challenges in testing, recursive nature of GraphQL and complexity it introduces for auth and performance as well.

Vulnerabilities found range from allowed introspection, expose error & stack traces, brute-forcing attacks with complexity or even classic injection attacks.

Antoine and Tristan shared lots of ideas and suggestion to mitigate the found vulnerabilities which turned out to be good education for running GraphQL services to are probably often overlooked.

‍

AI, GraphQL, and the Rise of Malleable Applications - Aleksandra Sikora, The Guild

Aleksandra from The Guild made a inspiring talk about AI and GraphQL sharing her ideas what a future for apps looks like using the term of malleable applications.

Malleable applications are adoptable apps that are capable to adjust to user requirements adjusting UI and hence data available to the user.

User requirements are diverse depending on their preferences, locations and other factors which means application are hardly serving the user needs with their UI and data exposed.

Aleksandra suggested that we want an app to be able to adjust starting from API layer hence GraphQL which enables us to achieve it due to its flexible nature.

Leveraging LLMs to create malleable systems still in its early stages but we can see signs of it in v0 from Vercel and also research projects in practise already.

‍

Beyond our highlights

These were just 4 of our highlights that we were able to attend in person but there were many other encouraging talks and promising announcements for the GraphQL community - here a few additional suggestion you may like:

‍

Federation and optimization announcements

• Grafast - The Future of Efficiency Is Here: Add Planning to Your Schema!  - Benjie Gillam
• GraphQL Fusion: Rethinking Distributed GraphQL - Michael Staib

GraphQL clients

• Isograph — Rethink GraphQL-Powered React Apps - Robert Balicki
• Houdini: A GraphQL-First Application Framework - Alec Aivazis

Must-watch keynotes

• 8 Years of GraphQL: Unraveling the Trade-Offs - Marc-Andre Giroux
• The “Right Size” For GraphQL - Theo Browne

‍

Next

We really enjoyed the conference, not only the workshops and talks but ability to connect again with the GraphQL community in person.

The GraphQL community stands out in terms willingness to educate and always seeking improvement together.

We are looking forward to a bright future for GraphQL as more tooling is available these days with many challenges already being solved and awareness being created for problems still to be resolved in future by both community and or vendors.

At Hubql we hope to continue to make an impact in the community sharing knowledge through the GraphQL Bangkok Meetup but also provide tooling in terms visualization and collaborating helping teams to build better APIs and applications together.

‍

See you at the next events and GraphQLConf.

‍