GraphQL is a way of specifying, in the request, what data you want to come back in the response.
REST centers around resources:
https://example.com/api/v3/products
https://example.com/api/v3/users
These calls bring back all the fields for products or users.
However, we may only need some of the fields.
We also need to make separate calls to get the info for products and users.
In GraphQL the request itself specifies what we want to come back. We can have data from different domains coming back. For example, we can have the information from a product and its author coming back in the same response.
For example a GET may look like this:
GET /graphql?query={book(id: "123") {title, authors {name } } }
GraphQL uses schema definitions:
type Book {
  id: ID
  title: String
  authors: [Author]
}
type Author {
  id: ID
  name: String
  books: [Book]
}
GraphQL requires heavier tooling support, which is not suitable for a simple API.
While a REST API GET is easily cached, GraphQL uses POST, which is not cache friendly.
The schema is exposed to the client, so a malicious client could use it to craft a query that does a full table scan on the DB and thus crashes or slows down the service.
There are ways to mitigate this table scan risk, but they add complexity.
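One such mitigation is to reject a query before execution when it nests too deeply or would resolve too many fields, which matters here because Book.authors and Author.books refer to each other. The block below is an added example, not code from the original page; the function names, the limits and the page size of 10 are assumptions, and fragments are not handled.

```python
import re

# List-valued fields in the page's schema: Book.authors and Author.books.
LIST_FIELDS = {"authors", "books"}
# Strings come first so braces or parentheses inside a string are ignored.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{}()]|[A-Za-z_]\w*')


def analyze(query, page_size=10):
    """Return (max nesting depth, estimated field resolutions)."""
    # page_size: assumed upper bound on items a list field returns.
    depth = max_depth = paren = cost = 0
    mult = [1]    # objects resolved at each open selection set
    pending = 1   # fan-out of the most recent field
    for tok in TOKEN.findall(query):
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren -= 1
        elif paren or tok.startswith('"'):
            continue              # arguments are not selections
        elif tok == "{":
            mult.append(mult[-1] * pending)
            pending = 1
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            if depth == 0:
                raise ValueError("unbalanced braces")
            mult.pop()
            depth -= 1
        elif depth:               # skip 'query Name' before the first '{'
            pending = page_size if tok in LIST_FIELDS else 1
            cost += mult[-1] * pending
    if depth or paren:
        raise ValueError("unbalanced query")
    return max_depth, cost


def is_allowed(query, max_depth=4, max_cost=1000):
    """Gate to run before execution; the limits are assumed values."""
    depth, cost = analyze(query)
    return depth <= max_depth and cost <= max_cost


# Constructed sample queries against the page's schema.
SHALLOW = '{ book(id: "123") { title, authors { name } } }'
NESTED = '{ book(id: "123") { authors { books { authors { books { title } } } } } }'
```

The page's own example query passes the gate, while the query that walks the authors/books cycle is rejected on both depth and cost.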
Page Author: JD