Understanding GraphQL for API Development

GraphQL Introduction

In 2012, Facebook internally developed a data query language and specification called GraphQL, and in 2015 it was open-sourced. It provides an alternative to REST-based architectures, aiming to enhance developer productivity and minimize the amount of data transferred.

Core Concept

Let’s understand the GraphQL basics. GraphQL is a query syntax served from a single endpoint. Its main characteristics are that it lets the client specify the exact data it requires and that it helps aggregate data from different sources.
The GraphQL schema, which describes all available data, provides a central location. Generally, you can find the GraphQL schema on the server side. However, data based on the schema can be read and written from the client’s end. All the available data is described, and the client-side application requests the part it needs via GraphQL queries and mutations.

To achieve the same actions that REST allows, GraphQL uses Query, Mutation, and Subscription which will allow us to perform the actions of Create, Delete, Modify, Consult and make connections in real-time. GraphQL can be used in any language such as Node, Python, Ruby, C#, Java, etc.

GraphQL vs REST API

GraphQL is quite popular among developers because of its simple and client-driven outlook. It hands control of the data over to the clients and allows them to decide which data to return. REST, on the other hand, usually over-fetches data because of its ‘everything is a resource’ concept: a resource returns all of its available data, even when the client requires only a particular part of it. To get what it needs, the client has to request whole resources, often over several network requests.

Pros and Cons of GraphQL

GraphQL Advantages

  • GraphQL is an interesting data access layer that not only makes a REST-style API much easier to implement but is also more efficient and adds quite useful features such as caching and subscriptions.

  • The client’s request (query) can be adapted to the exact needs using the GraphQL query language and describing what you want back in response.

  • Since you can choose the fields for your query, GraphQL provides a faster result.

  • Unlike REST, there are no API versions in GraphQL because it is always possible to deprecate the API on a field level.

  • Queries access the properties of a resource and also follow its references, so it is possible to get all the data in a single request. This brings a huge performance gain, because a REST scenario would require loading multiple URLs.

  • GraphQL brings a significant gain to applications, and an even greater one to those using slow mobile networks.

  • When using GraphQL, requests become faster because the payload traffic on the network is greatly reduced: only the information needed for the query in question is sent.

  • It is possible to add new types as well as fields to the specific GraphQL API that you are using and you can do this without impacting existing queries.

  • As the GraphQL API is tightly tied to the code, once any field, type or query changes, so does the documentation.

  • GraphQL allows building a backend and merging it with the frontend. Doing so takes less effort than before, and you can make quick alterations without worrying about breaking things.

Cons of GraphQL

  • Securing Your GraphQL API from Malicious Queries

    GraphQL allows you to query at any point in time. Although that feels great when working with an API, it has some complex security implications. A malicious user or script may send malicious code or a nested query, and the nested query can overload your server, network or database. If you are not adequately protected, there’s a great chance of a DoS (Denial of Service) attack.

  • Error reporting along with monitoring

    RESTful services leverage HTTP status codes to signal the various errors they can encounter, which makes observing the APIs convenient for the developer. GraphQL, however, always ends up returning 200 OK, which makes it even more difficult for developers to tackle errors. This results in a cumbersome monitoring process.

  • Overkill for small applications

    If you want to develop a simple app, it’s always better to go with the REST architecture. On the other hand, GraphQL is the perfect solution for several microservices. REST is also a commendable approach for connecting different resource-driven apps that do not require the flexible queries provided by GraphQL.

  • Complex web caching

    You can implement GraphQL caching at the database or client level with the help of the Apollo or Relay clients, both of which have built-in caching mechanisms. GraphQL itself doesn’t rely on the HTTP caching methods that allow the content of a request to be stored. Caching helps a lot in reducing the volume of traffic to a server, because it keeps frequently accessed information close to the client. Since there is a single endpoint serving a lot of different queries, it is quite difficult to apply such caching to a GraphQL API.

  • Young Ecosystem

    In terms of the API ecosystem, GraphQL is pretty much a newcomer, which means there might be problems as well as breaking changes very frequently. So, while using any GraphQL module or library, you need to be very careful.
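
The nested-query risk described under “Securing Your GraphQL API from Malicious Queries” is commonly handled by rejecting documents whose selection sets nest too deeply before any resolver runs. The following JavaScript is an added example, not code from this article or from any GraphQL library; `MAX_DEPTH`, the function names and the sample query are assumptions.

```javascript
// Added example, not from the article: nesting-depth check run before execution.
// MAX_DEPTH and all names are assumptions; inline fragments count as a level.
const MAX_DEPTH = 5;

// Blank out strings and comments in one pass so braces inside them are not counted.
const tokenize = (query) => query
  .replace(/"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g, ' ')
  .match(/\.\.\.|[A-Za-z_]\w*|[{}()@]/g) || [];

function scanDefinitions(tokens) {
  const defs = new Map(); // name -> { depth, spreads: [[fragmentName, depthAtSpread]] }
  let brace = 0, paren = 0, header = [], cur = null, ops = 0;
  tokens.forEach((tok, i) => {
    if (tok === '(' || tok === ')') paren += tok === '(' ? 1 : -1;
    else if (paren > 0) return; // braces inside arguments are input objects
    else if (tok === '{') {
      if (brace === 0) { // a new operation or fragment definition starts
        cur = { depth: 0, spreads: [] };
        defs.set(header[0] === 'fragment' ? header[1] : `#op${ops++}`, cur);
      }
      cur.depth = Math.max(cur.depth, ++brace);
    } else if (tok === '}') {
      if (--brace < 0) throw new SyntaxError('unbalanced braces');
      if (brace === 0) header = [];
    } else if (brace === 0) header.push(tok);
    else if (tok === '...' && !['on', '{', '@'].includes(tokens[i + 1]))
      cur.spreads.push([tokens[i + 1], brace]); // named fragment spread
  });
  return defs;
}

function queryDepth(query) {
  const defs = scanDefinitions(tokenize(query));
  const memo = new Map(), stack = new Set();
  const resolve = (name) => {
    if (memo.has(name)) return memo.get(name);
    const def = defs.get(name);
    if (!def || stack.has(name)) return Infinity; // unknown or cyclic fragment
    stack.add(name);
    let depth = def.depth;
    for (const [frag, at] of def.spreads) depth = Math.max(depth, at + resolve(frag) - 1);
    stack.delete(name); memo.set(name, depth);
    return depth;
  };
  return Math.max(0, ...[...defs.keys()].filter((n) => n[0] === '#').map(resolve));
}

const isAllowed = (query) => { const d = queryDepth(query); return d > 0 && d <= MAX_DEPTH; };
// Constructed sample: a spread hides five more levels behind a two-level operation.
const SAMPLE = '{ user { ...F } } fragment F on User { a { b { c { d { e } } } } }';
```

Run the check on the raw request body before resolving anything, and treat a thrown `SyntaxError` as a rejection. Depth is only one cost dimension, so a request-size cap and a timeout still belong alongside it.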

Who is using GraphQL?

There are many reasons to use GraphQL. The driving company behind the GraphQL specification and the reference implementation in JavaScript is Facebook. However, there are other popular companies as well that have chosen GraphQL for their applications. Some of them are:

  1. PayPal
  2. Twitter
  3. Yelp
  4. WordPress
  5. The New York Times
  6. Intuit
  7. GitHub
  8. Coursera
  9. Shopify

Should I use GraphQL?

You need GraphQL when:
  • Your app needs higher throughput and agile data processing.

  • You are dealing with projects that fetch data from multiple databases and stacks.

  • There are projects with various client apps that are distributed over various platforms, including mobile apps, web apps, API endpoints for third parties and more.

  • Projects that require integration with different third party services.

  • Easily horizontally scalable projects.

  • Projects that require a speedy and latent network, and projects where data is not distributed over various domains but is instead centralized in one product.

The Facebook Case study

A lot of users across the globe use Facebook regularly, and Facebook keeps rolling out new features now and then. Different users have different app versions, and making an API update would make some versions of the app crash. This is where GraphQL differentiates itself, as it can be integrated seamlessly without breaking the existing apps.

GraphQL lets a client-side developer add new queries to retrieve data, even if that information is in a different version of the app. You simply write a query and you get the data you want. You never need to create a custom data endpoint from the server-side or ask a server-side developer to create one for you. Additionally, you can retrieve most of the data for a given view with just one request to the server.

Conclusion

When picking any technology, it’s vital to keep in mind that the choice depends completely on the business logic and architecture of the project you’re dealing with. Checking every option thoroughly and doing proper research on GraphQL will help you build a scalable and easy-to-maintain business.