Full blown GraphQL is hard to properly support. It needs a lot of developer time to get everything correct, as stated in the article.
However, you can go very far with a simpler version of it, just by allowing clients to specify what fields/relations they want and in what context.
I'm using a library that I've created for myself for years without any of the problems mentioned in the article.
The client side queries are generated by the server at compile time. Each request for an object requires a "segment" to be specified. On the server, each segment has the necessary filters/limits automatically applied to prevent data leaks.
However, you can go very far with a simpler version of it, just by allowing clients to specify what fields/relations they want and in what context.
I'm using a library that I've created for myself for years without any of the problems mentioned in the article.
The client side queries are generated by the server at compile time. Each request for an object requires a "segment" to be specified. On the server, each segment has the necessary filters/limits automatically applied to prevent data leaks.