GraphQL?
What’s Not And
What’s Hot About it.

Perhaps this is not the topic you were hoping to find, and some of the things here seem absurd, but believe me there are people who think or have thought the most crazy things about GraphQL.

First things First, Kemosabe!

If you’re like me, you probably go through three stages when hearing about a new technology:

1. Dismissal

One more JavaScript library?! Just use jQuery already!

2. Interest

Hmm, maybe I should check out this new library I keep hearing about…

3. Panic

Help! I need to learn this new library right now or I’ll be completely obsolete!

The trick to maintaining your sanity in these fast-moving times is to learn new stuff right between stages two and three, once your interest is piqued but while you’re still ahead of the curve.

Which is why now is the perfect time to learn what exactly this GraphQL thing you keep hearing about really is.

You there, in the back. Yes, you. I can see you want to ask something. Go ahead, don’t be shy! Common Questions Starting..3..2…1

What’s the relation between GraphQL and graph databases?

Not much, really. GraphQL doesn’t have anything to do with graph databases like Neo4j. The "graph" part comes from the idea of crawling across your API graph by using fields and subfields, while "QL" stands for "query language".

I’m perfectly happy with REST, why should I switch to GraphQL?

If you haven’t yet bumped into the REST pain points that GraphQL is meant to address, then I would say that’s a good thing!

Using GraphQL over REST probably won’t affect your app’s overall user experience that much, so switching to it isn’t a matter of life or death by any means. That being said, I’d definitely recommend trying out GraphQL on a small side project if you ever get the chance.

Can I use GraphQL without React/Relay/*insert library here*?

Yes you can! Since GraphQL is just a specification, you can use it with any library on any platform, either with a client (for example, Apollo has GraphQL clients for the web, iOS, Angular, etc.) or by making your own calls to a GraphQL server.

GraphQL was made by Facebook, and I don’t trust Facebook

Again, GraphQL is a specification, meaning you can use GraphQL implementations without running a single line of code written by Facebook.

And while having Facebook’s support is definitely a nice plus for the GraphQL ecosystem, at this point I believe the community is big enough for GraphQL to thrive even if Facebook were to stop using it.

This whole "let the client ask for the data they need" business doesn’t sound very secure to me…

Since you write your own resolvers, it’s up to you to address any security concerns at that level.

For example, if you let the client specify a limit parameter to control the number of documents it receives, you’ll probably want to cap that number to avoid denial-of-service-style attacks where clients request millions of documents over and over.
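A resolver that applies this cap, as an added example that is not code from the original article. The `documents` field, the `offset` argument, the `MAX_LIMIT` and `DEFAULT_LIMIT` values and the in-memory store are assumptions made for illustration.

```javascript
// Assumed policy values; tune them to what your backend can serve cheaply.
const MAX_LIMIT = 100;
const DEFAULT_LIMIT = 20;

// Constructed sample data standing in for a real database.
const store = Array.from({ length: 5000 }, (_, i) => ({
  id: i + 1,
  title: `Document ${i + 1}`,
}));

// Normalise an untrusted page size: default when absent, reject junk,
// and silently cap anything above the server-side maximum.
function clampLimit(requested) {
  if (requested === undefined || requested === null) return DEFAULT_LIMIT;
  if (!Number.isInteger(requested) || requested < 1) {
    throw new Error(`limit must be a positive integer, got ${JSON.stringify(requested)}`);
  }
  return Math.min(requested, MAX_LIMIT);
}

// Offsets are untrusted too: a negative value would slice from the end.
function clampOffset(requested) {
  if (requested === undefined || requested === null) return 0;
  if (!Number.isInteger(requested) || requested < 0) {
    throw new Error(`offset must be a non-negative integer, got ${JSON.stringify(requested)}`);
  }
  return requested;
}

// Resolver in the usual (parent, args, context) shape.
const resolvers = {
  Query: {
    documents(_parent, args) {
      const limit = clampLimit(args.limit);
      const offset = clampOffset(args.offset);
      return {
        items: store.slice(offset, offset + limit),
        appliedLimit: limit, // lets the client see that its request was capped
        hasMore: offset + limit < store.length,
      };
    },
  },
};
```

The cap bounds the cost of one field call; a query that repeats the field many times still needs a separate control such as rate limiting.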

Is GraphQL a Database Technology?

No. GraphQL is often confused with being a database technology. This is a misconception: GraphQL is a query language for APIs, not databases. In that sense it’s database agnostic and can be used with any kind of database or even no database at all.

Is GraphQL only for React / JavaScript Developers?

No. GraphQL is an API technology so it can be used in any context where an API is required.

On the backend, a GraphQL server can be implemented in any programming language that can be used to build a web server. Next to JavaScript, there are popular reference implementations for Ruby, Python, Scala, Java, Clojure, Go and .NET.

Since a GraphQL API is usually operated over HTTP, any client that can speak HTTP is able to query data from a GraphQL server.

Note: GraphQL is actually transport layer agnostic, so you could choose protocols other than HTTP to implement your server.

How to do Server-side Caching?

One common concern with GraphQL, especially when comparing it to REST, is the difficulty of maintaining a server-side cache. With REST, it’s easy to cache the data for each endpoint, since it’s certain that the structure of the data will not change.

With GraphQL, on the other hand, it’s not clear what a client will request next, so putting a caching layer right behind the API doesn’t make a lot of sense.

Server-side caching still is a challenge with GraphQL. More info about caching can be found on the GraphQL website.

How to do Authentication and Authorization?

Authentication and authorization are often confused. Authentication describes the process of claiming an identity. That’s what you do when you log in to a service with a username and password: you authenticate yourself. Authorization, on the other hand, describes permission rules that specify the access rights of individual users and user groups to certain parts of the system.

Authentication in GraphQL can be implemented with common patterns such as OAuth.

To implement authorization, it is recommended to delegate any data access logic to the business logic layer and not handle it directly in the GraphQL implementation. If you want some inspiration on how to implement authorization, you can take a look at Graphcool’s permission rules.

How to do Error Handling?

A successful GraphQL query is supposed to return a JSON object with a root field called "data". If the request fails or partially fails (e.g. because the user requesting the data doesn’t have the right access permissions), a second root field called "errors" is added to the response:

{ "data": { ... }, "errors": [ ... ] }

For more details, you can refer to the GraphQL specification.
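The authorization advice and the partial-failure response described above, combined in one added example that is not code from the original article. The data, `userService`, the `viewer` context object (assumed to be set by the authentication step) and the small `execute` function, a simplified stand-in for a real GraphQL engine, are all assumptions.

```javascript
class ForbiddenError extends Error {}

// Constructed sample data.
const users = {
  u1: { id: "u1", name: "Ada", email: "ada@example.test" },
  u2: { id: "u2", name: "Bob", email: "bob@example.test" },
};

// Business logic layer: the only place that decides who may read what.
const userService = {
  getProfile(viewer, id) {
    if (!viewer) throw new ForbiddenError("authentication required");
    const user = users[id];
    return user ? { id: user.id, name: user.name } : null;
  },
  getEmail(viewer, id) {
    if (!viewer || (viewer.id !== id && viewer.role !== "admin")) {
      throw new ForbiddenError("not allowed to read this email");
    }
    const user = users[id];
    return user ? user.email : null;
  },
};

// Resolvers stay thin: no permission rules here, only delegation.
const resolvers = {
  me: (_args, ctx) => userService.getProfile(ctx.viewer, ctx.viewer && ctx.viewer.id),
  userEmail: (args, ctx) => userService.getEmail(ctx.viewer, args.id),
};

// Resolve each requested root field; a thrown error becomes null data
// for that field plus an entry in "errors" that carries the field path.
function execute(fields, ctx) {
  const data = {};
  const errors = [];
  for (const { name, args = {} } of fields) {
    try {
      data[name] = resolvers[name](args, ctx);
    } catch (err) {
      data[name] = null;
      // Expose messages only from known error types; hide internals otherwise.
      const message = err instanceof ForbiddenError ? err.message : "Internal server error";
      errors.push({ message, path: [name] });
    }
  }
  return errors.length ? { data, errors } : { data };
}
```

Because the permission check lives in `userService`, any other entry point that calls the same service gets the same rule without duplicating it in resolvers.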

Does GraphQL Support Offline Usage?

GraphQL is a query language for (web) APIs, and in that sense by definition only works online. However, offline support on the client side is a valid concern. The caching abilities of Relay and Apollo might already be enough for some use cases, but there isn’t a popular solution for actually persisting stored data yet. You can gain some more insights in the GitHub issues of Relay and Apollo where offline support is discussed.

So what do I need to get started?

Generally speaking, you’ll need at least two components to run a GraphQL-powered app:

  • A GraphQL server that serves your API.
  • A GraphQL client that connects to your endpoint.

Conclusion

GraphQL might seem complex at first because it’s a technology that reaches across many areas of modern development. But if you take the time to understand the underlying concepts, I think you’ll find out that a lot of it just makes sense.

So whether you end up actually using it or not, I believe it’s worth taking the time to familiarize yourself with GraphQL. More and more companies and frameworks are adopting it, and it might very well end up becoming one of the key building blocks of the web over the next few years.
