After a few years of working with GraphQL, as open-source developers and as an infrastructure team in large enterprises, we’ve learned some lessons about GraphQL and about how to authenticate and authorize a GraphQL API. Authentication and authorization should be simple, because in most cases it’s just a piece of code that we wish to run before letting users access certain resources. In this article we’ll