GraphQL lets you define every function your API exposes in one parseable string. This makes it easy for clients to see what functionality the API exposes in a way that is independent from the actual implementation.
Unlike what the home page pitch indicates, a GraphQL schema is just a description of what functions the API exposes. Your API is still responsible for the implementation of the advertised functions, including security. This also means it is pretty easy to wrap an existing API in GraphQL.
GraphQL handles batching requests for you. Suppose your API has 2 GraphQL mutations
that increment and decrement a number.