GraphQL - TL;DR
GraphQL - information for absolute beginners
- Facebook developed GraphQL in 2015. On 7 November 2018, the GraphQL project was moved from Facebook to the newly established GraphQL Foundation.
- Lee Byron (https://leebyron.com/) is a co-creator of GraphQL at Facebook.
- GraphQL is a data query and manipulation language for APIs. It can be an alternative to a REST API or co-exist with one.
- GraphQL is not a query language of GraphDB but you can use GraphDB with GraphQL.
- GraphQL is preferred when the application has multiple clients (web, mobile, IoT, CLI, etc.) that each ask for data based on their own requirements.
- A REST API has fixed requests and responses, which leads to over-fetching and/or under-fetching. GraphQL solves this problem with queries.
- The GraphQL Foundation maintains the specification (http://spec.graphql.org/), documentation, tools and vendor-neutral events. The GraphQL Working Group (WG) manages and maintains the specification: https://github.com/graphql/graphql-wg
- Scaling GraphQL is not as easy as REST APIs but there are good techniques available to solve scalability.
- GraphQL avoids versioning by design. It is simpler to provide backward compatibility with GraphQL than with a REST API.
- JSON is the de facto serialization format for GraphQL, but the GraphQL specification does not prevent the use of another serialization format.
- GraphQL has Query and Mutation. A query is used to fetch data and a mutation is used to create, update or delete data.
- A GraphQL client can ask for anything from the defined schema (https://graphql.org/learn/schema/), unlike REST, which has fixed request and response models.
- GraphQL uses only the HTTP POST method for everything (query and mutation).
- Because GraphQL uses a single endpoint, caching data is not as straightforward as with a REST API, but there are many approaches to caching responses, such as server-side caching based on a globally unique ID. You can also use an HTTP cache-control header.
- Security of GraphQL is not very different from REST API security. You need to take care of SQL injection, DoS attacks, SSRF, CRLF, etc. Read more at https://www.howtographql.com/advanced/4-security/ and https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
- The GraphQL schema supports a strong type system. It supports int, float, string, boolean, ID, enum, list and object.
- Video tutorial for beginners - https://www.youtube.com/watch?v=ed8SzALpx1Q
- Popular frameworks and services: Apollo (https://www.apollographql.com/), Prisma (https://github.com/prisma/prisma), express-graphql (https://github.com/graphql/express-graphql), Graphql (https://github.com/graphql-go/graphql), Hasura (https://hasura.io/), Dgraph (https://dgraph.io/)
- People to follow: Lee Byron https://twitter.com/leeb, Dan Schafer https://twitter.com/dlschafer, Jonas Helfer https://twitter.com/helferjs, Nick Schrock https://twitter.com/schrockn, Urigo https://twitter.com/UriGoldshtein
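
The DoS concern in the security point above follows from clients being able to ask for anything in the schema, including arbitrarily nested selections. As an added example (not from the original page; the function names are hypothetical and no GraphQL library is assumed), this JavaScript measures a query's nesting depth, following fragment spreads and failing closed on cycles, so a server can reject over-deep queries before executing them:

```javascript
// Added example: tokens of a GraphQL document; strings and comments are matched so they can be dropped.
const TOKEN = /"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[{}()]|@?[_A-Za-z]\w*/g;

function parseDefinitions(source) {
  const toks = (source.match(TOKEN) || []).filter(t => t[0] !== '"' && t[0] !== '#');
  const ops = [], frags = new Map(), stack = []; // stack: 1 = field level, 0 = inline fragment
  let def = null, parens = 0, inline = false;
  toks.forEach((t, i) => {
    if (t === '(' || t === ')') { parens += t === '(' ? 1 : -1; return; }
    if (parens > 0) return; // argument values, including input objects
    if (!def) {
      def = { level: 0, max: 0, spreads: [] };
      if (t === 'fragment') { frags.set(toks[i + 1], def); return; }
      ops.push(def);
    }
    if (t === '{') {
      stack.push(inline ? 0 : 1);
      def.level += inline ? 0 : 1;
      def.max = Math.max(def.max, def.level);
      inline = false;
    } else if (t === '}') {
      def.level -= stack.pop() || 0;
      if (stack.length === 0) def = null;
    } else if (t === '...') {
      const next = toks[i + 1] || '';
      if (/^[_A-Za-z]/.test(next) && next !== 'on') def.spreads.push({ name: next, level: def.level });
      else inline = true; // "... on T {", "... @skip(...) {" or "... {"
    }
  });
  return { ops, frags };
}

function queryDepth(source) {
  const { ops, frags } = parseDefinitions(source);
  const memo = new Map(); // also bounds the work when a fragment is spread many times
  const depthOf = (def) => {
    if (memo.has(def)) return memo.get(def);
    memo.set(def, Infinity); // in progress: a cycle back to this definition fails closed
    let depth = def.max;
    for (const s of def.spreads) {
      const frag = frags.get(s.name);
      depth = Math.max(depth, frag ? s.level + depthOf(frag) - 1 : Infinity); // unknown: fail closed
    }
    memo.set(def, depth);
    return depth;
  };
  return Math.max(0, ...ops.map(depthOf));
}
const checkDepth = (source, limit) => queryDepth(source) <= limit;
```

Call `checkDepth(body.query, limit)` before handing the document to the executor; the limit itself is a per-schema choice.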