Day 4: Subscriptions and Real-Time Data

Today's Objective

WebSocket-based subscriptions, pub/sub patterns, and the cursor-based pagination that keeps GraphQL performant at scale.

The Context Function

Context setup

import { ApolloServer } from '@apollo/server'; import { expressMiddleware } from '@apollo/server/express4'; import jwt from 'jsonwebtoken'; import User from './models/User.js'; const server = new ApolloServer({ typeDefs, resolvers }); await server.start(); app.use('/graphql', expressMiddleware(server, { context: async ({ req }) => { const token = req.headers.authorization?.split('Bearer ')[1]; let currentUser = null; if (token) { try { const { id } = jwt.verify(token, process.env.JWT_SECRET); currentUser = await User.findById(id); } catch {} } return { currentUser }; } }));

Using context in resolvers

const resolvers = {
  Query: {
    me: (_, __, { currentUser }) => {
      if (!currentUser) throw new Error('Not authenticated');
      return currentUser;
    },
  },
  Mutation: {
    createPost: (_, { input }, { currentUser }) => {
      if (!currentUser) throw new Error('Not authenticated');
      if (currentUser.role !== 'author') throw new Error('Not authorized');
      return createPost({ ...input, authorId: currentUser.id });
    }
  }
}

💡

Build a reusable requireAuth(context) helper function that throws if currentUser is null. Call it at the top of every protected resolver. Consistent error messages make debugging easier.

📝 Day 4 Exercise

Add Auth to Your GraphQL API

Day 4 Summary

Context runs on every request and is passed to every resolver as the third argument.
Verify the JWT in context. If invalid, set currentUser = null — don't throw.
Throw authorization errors inside resolvers, not in the context function.
AuthenticationError → 401. ForbiddenError → 403. Use the right error type.

→

← Previous

Day 3: Mutations: Writing Data

Day 5: Apollo Client

→

What's Next

The foundations from today carry directly into Day 5. In the next session the focus shifts to Authentication, Authorization, and Federation — building directly on everything covered here.

Supporting Videos & Reading

Go deeper with these external references.

YouTube

Subscriptions and Real-Time Data — Video Walkthroughs Community tutorials and walkthroughs covering the concepts in this lesson.

→

YouTube

Subscriptions and Real-Time Data Explained Deep-dive explanations and live-coding sessions from top educators.

→

Official Docs

Official Documentation Primary reference documentation for the technologies covered in this lesson.

→

GitHub

Open Source Examples Real-world codebases demonstrating the patterns taught in this lesson.

→

Day 4 Checkpoint

Before moving on, verify you can answer these without looking:

What is the core concept introduced in this lesson, and why does it matter?
What are the two or three most common mistakes practitioners make with this topic?
Can you explain the key code pattern from this lesson to a colleague in plain language?
What would break first if you skipped the safeguards or best practices described here?
How does today's topic connect to what comes in Day 5?

Live Bootcamp

Learn this in person — 2 days, 5 cities

Thu–Fri sessions in Denver, Los Angeles, New York, Chicago, and Dallas. $1,490 per seat. June–October 2026.

Reserve Your Seat →

Continue To Day 5

Day 5: Apollo Client

→