Jun 17, 2021

Announcing Stellate, the CDN for GraphQL APIs

Blog post's hero image

Scaling and securing GraphQL APIs has always been a struggle in our projects.

As much as we love GraphQL for allowing us to ship good products very quickly, no traditional CDN can cache GraphQL APIs. We had to build custom caching solutions from scratch, which distracted us for weeks and the caches never worked as well as we needed them to.

That's why we created Stellate.

Stellate is the CDN for your GraphQL API. We want to give you the peace of mind for your GraphQL API that we wished we had with:

Today, we're excited to announce that Stellate is available for everybody! 🎉

Feature Overview

GraphQL Edge Cache

The Stellate Edge Cache caches your GraphQL query results at our 60 data centers worldwide and gives you fine-grained control over your cache behavior. You can configure everything at a GraphQL type- and even field-level, for example, "Cache any query result that contains a Post for 900 seconds" or "Don't cache any query result that contains an APIToken".

What really makes the Stellate Edge Cache shine is the automatic mutation invalidation. The gateway detects when mutations change some object, for example editUser(id: 5), and automatically invalidates any cached query results that contain that object!

The Stellate Edge Cache can also cache sensitive data per authenticated user, works perfectly with POST requests, supports stale-while-revalidate, and even exposes a custom cache invalidation GraphQL API for your service (e.g. mutation purgeUser(id: 5)).

GraphQL Analytics & Error Tracking

The Stellate Edge Cache also gives you detailed analytics for your GraphQL API. Imagine Google Analytics for GraphQL: it helps you understand how your GraphQL API is used, how it behaves with your traffic levels and what the experience is like for your users. It's also helpful to debug your cache hit rate and check on your origin server's performance down to the specific query:

Dashboard Requests Screenshot
Dashboard Requests Screenshot

On top of that, Stellate Analytics tracks all the HTTP and GraphQL errors your origin server responds with so you can debug customer issues better and faster. Not only that, but when the level of errors rises above the normal baseline, Stellate automatically sends you email alerts so you can stay on top of them!

Dashboard Errors Screenshot
Dashboard Errors Screenshot

GraphQL Security

Finally, Stellate also protects your GraphQL API for you. While the flexibility of GraphQL is fantastic for developers, it also opens up new attack vectors for malicious actors that traditional CDNs aren't equipped to handle.

One of the most common attacks is sending deeply nested queries to overload the server and/or database. For example, imagine a CMS with a Post that has Comments that has an Author:

query maliciousQuery {
allPosts {
comments {
author {
posts {
comments {
# ...repeat times 10000...
}
}
}
}
}
}

DataLoader can prevent some of these queries from taking up too many server resources, but not all of them. The Stellate Edge Cache comes with query depth limiting out of the box: it analyses incoming queries and blocks them if they are nested too deeply. Since The Stellate Edge Cache sits at the edge, your origin server will never have to deal with these malicious queries!

We have plans for further security features that could be useful for everybody, including rate limiting and complexity analysis, as well as a bunch of other ideas. Check out the feature requests and vote for what you would like to see next!

We're very excited to open up the Stellate Edge Cache for everybody today and hope it gives you some well deserved peace of mind for your GraphQL API. If you have any questions, ping us anytime at support@stellate.co — we're here to help!

About Us

Stellate was co-founded by Tim Suchanek and Max Stoiber. Tim is the creator of the graphql-playground and graphql-request, and was the first employee at Prisma (née GraphCool). Max co-created react-boilerplate and styled-components, and previously co-founded Spectrum, which was acquired by GitHub in 2018.

Stellate is backed by industry-leading angel investors, including Guillermo Rauch (CEO, Vercel), Tom Preston-Werner (co-founder, GitHub), Andreas Klinger (CTO, On Deck), Matt Biilmann and Christian Bach (Co-CEOs, Netlify), Jason Warner (CTO, GitHub), Nicolas Dessaigne (co-founder, Algolia), and many others.

Learn more about us