OPEN TALK (API): Securing GraphQL with Cost Directives


Morris Matsa
IBM, API Gateway Lead, IBM API Connect and DataPower Gateways

Morris leads the API Gateway team for IBM’s API Connect and DataPower Gateway prod-ucts, providing a wide variety of capabilities with a highly-performant implementation custom-built for API traffic, while also enabling access to thousands of legacy capabilities. Last month, the team released fully-integrated APIM management for GraphQL APIs. Previously, Morris has led innovative teams at IBM, across a wide number of areas: Web Services, REST, Compilers, a GUI framework, instant messaging, XML processing, JSON processing, and more.


Large public GraphQL endpoints have all advertised a notion of GraphQL cost for years, and various GraphQL servers and open source projects have implemented GraphQL cost calculations. In 2021, an effort has begun to standardize how systems communicate GraphQL cost to each other, which has promise to dramatically ease securing these systems and thus opening up many more big public GraphQL endpoints. Join us to learn about this effort, and how it can benefit you and your GraphQL strategy.