🔮

GraphQL

GraphQL is a query language and runtime for APIs developed by Facebook in 2012 and open-sourced in 2015. Unlike REST, where each endpoint returns a fixed structure, GraphQL allows the client to specify exactly which fields it needs in a single query, reducing over-fetching, under-fetching, and multiple requests.

Examples

  • query { user(id: 42) { name email posts { title createdAt } } }
  • mutation { createPost(title: "Hello", body: "World") { id createdAt } }
  • subscription { postCreated { id title author { name } } }
  • query GetUser($id: ID!) { user(id: $id) { name posts(first: 10) { edges { node { title } } } } }
  • { users { id name } posts: allPosts { title } }

FAQ

Does GraphQL replace REST?

Not necessarily. GraphQL solves specific problems (over-fetching, multiple requests, flexibility). REST is still better for simple public APIs, HTTP cache, and when you don't need complex queries. Many companies use both depending on the case.

How do I handle authentication in GraphQL?

Same as REST: send a token (JWT, OAuth) in the Authorization header. Resolvers verify permissions before returning data. Libraries like graphql-shield allow defining declarative authorization rules at field or type level.

What is the N+1 problem and how do I solve it?

If a query requests users and their posts, without batching you'd do 1 query for users + N queries (one per user) for posts. DataLoader groups the N queries into one: SELECT * FROM posts WHERE user_id IN (...). It's essential in GraphQL; without DataLoader, nested queries are slow.