Chris and Desmond are back! In this episode we talk about Desmond’s exploration into Property-Based testing, and then do a deep dive into authorization and access control in Chris’ GraphQL API. Property-based testing is a new world for both of us, but we do our best to tell you all about what libraries to use and how we’re thinking of using it. Chris is deep in some reworking of the authorization code in his GraphQL API and we go into depth talking about how it is structured, some of the challenges of building a flexible authorization system and then how this integrates back into a system. After talking about authorization we then go into validation of parameters in our APIs and how we think about typing and validating them at the boundaries, and in our Ecto Schemas. ## Links * EMPEX LA (https://empex.co/la) * StreamData Library for property testing (https://github.com/whatyouhide/stream_data) * PropEr (https://github.com/proper-testing/proper) * PropSchema (https://github.com/podium/prop_schema) * Property-Based Testing with PropEr (https://pragprog.com/book/fhproper/property-based-testing-with-proper-erlang-and-elixir) * StreamData: Property-based testing and data generation for Elixir (https://elixir-lang.org/blog/2017/10/31/stream-data-property-based-testing-and-data-generation-for-elixir/) * Canada Library (https://github.com/jarednorman/canada) * GraphQL Scalar Types in Absinthe (https://hexdocs.pm/absinthe/custom-scalars.html) * JSON Schema in Elixir (https://github.com/jonasschmidt/ex_json_schema) * API versioning at Stripe (https://stripe.com/blog/api-versioning)