1.2. Standards

Stitch makes extensive use of open standards. Amongst the most important of these standards used are:

OAuth 2 & OpenID Connect

OAuth 2.0 is an industry-standard protocol for authorization and is used by companies such as Microsoft, Google, and Amazon.

OpenID Connect is an authentication mechanism that is built upon OAuth 2. It is gaining traction in the financial services space. Stitch uses OpenID Connect and OAuth 2 in conjunction to protect our services from malicious access.

Libraries that can interface with OpenID Connect/OAuth 2.0 are available for most languages.

GraphQL & Relay

GraphQL is a query language for Web APIs. The language is created and maintained by Facebook. A GraphQL API is strongly typed, and gives applications a lot of flexibility and ability to optimize queries, both in size, and in response times.

Many client libraries are available for GraphQL. Alternatively, GraphQL utilizes JSON and HTTP, so the Stitch API could also be queried using most HTTP/REST libraries.

In the interests of interoperability, Stitch has also implemented the Relay Server Specification to handle aspects of the API such as paging, random access, and mutations. This allows client libraries such as Relay to better handle paging and other client-side complexities.