What is graphql?

GraphQL is a communication layer to share data between a backend system and a frontend system. It was invented by Facebook and has been used widely since in the web industry. Commonly, it is compared with its counterpart, the API. In this article, we explore some important questions to understand how it can fit with our web environment.

Where is it used?

Typically, PWA applications, web applications which are recent.

How fast is graphQL?

The speed of GraphQL is dependent on several factors: a graphQL call returns data to the frontend. The more data is returned, the longer the call is. This particular issue is the same for API calls. The speed will be impacted with how the implementation to gather the data is designed. This aspect is identical with API. In my experience, GraphQL has less boilerplates than API and that means it is easier to deploy some new GraphQL services. Conversely, API defines contracts using interfaces. These are a strong part of the implementation to help communicate the system architecture to varied stakeholders.

GraphQL can outperform API in 2 situations: 

• For a same call with the same purpose, GraphQL can return less data without new code 
• The implementation only performs data retrieval for the data that are needed in the response, also known as overfetching and underfetching.

The last point is likely where graphql excels whilst API is left behind.

GraphQL vs RestAPI?

The answer may be GraphQL is more versatile whilst API is more structured. GraphQL makes development easier, while REST APIs provide a structured and predictable approach that may be preferable for well-defined solution architectures.

Is GraphQL more secure than APIs

GraphQL comes with the possibility to have a header just the same as API. Subsequently, GraphQL operations can be secured if we need them to be not publicly available or if we want to control how they are consumed (rate limiting). Most of this heavy lifting is done by the adapter that is used.

Security is a complex topic. To ensure the implementation for either of these technologies delivers best practices: it is essential to gain expertise with CORS, Authentication, Sanitisation, Bearer Token.

How to use graphQL?

To use GraphQL, we commonly use an adapter. For any project that we start, we will always have a framework that is our reference. Using PHP and Javascript technologies for my personal experience, I have seen GraphQL implementations making their consumption very easy. Because sharing data from backend to frontend is a daily occurence, these adapters have made the heavy lifting for us and we are often left with just the needs to design our calls to use the adapter securely and get these calls fast but also cached if possible.