GraphQL: The Good and Bad Parts

By Mastering JavaScript Tutorials • Issue #20
GraphQL is a tragically misunderstood paradigm. Many older engineers avoid it because they think it is a framework that allows clients to execute arbitrary queries against the database.

The graphql.org home page makes GraphQL sound like "security flaws as a service"
On the other hand, others think that GraphQL is a perfect all-encompassing answer to all things backend. The reality ends up being somewhere in the middle.
The Good Parts
GraphQL lets you define every function your API exposes in one parseable string. This makes it easy for clients to see what functionality the API exposes in a way that is independent from the actual implementation.
Unlike what the home page pitch indicates, a GraphQL schema is just a description of what functions the API exposes. Your API is still responsible for the implementation of the advertised functions, including security. This also means it is pretty easy to wrap an existing API in GraphQL.
GraphQL handles batching requests for you. Suppose your API has 2 GraphQL mutations that increment and decrement a number.
A simple GraphQL schema with 2 mutations
You can execute a single request that first increments and then decrements as shown below.
2 mutations in 1 HTTP request
The Bad Parts
GraphQL schemas are just plain old strings with minimal tooling around them beyond parsing. That means there isn’t an established framework for imports or code reuse.
Types sound like a good idea, but the reality is that modern objects are pretty complex. Without a notion of imports or generics, types get very bloated, particularly when you want to build types for something like MongoDB queries.
GraphQL doesn’t have an established framework for auth. Most GraphQL apps handle auth using the traditional HTTP header approach.
Input def for MongoDB query filters on floats. Need a separate one for other types!
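
The header-based auth approach and the batched increment/decrement request described above meet in one place: because a single HTTP request can carry several mutations, the permission check belongs in each resolver. The sketch below is an added example, not code from this newsletter; the token table, function names, and the tiny `execute` stand-in (used instead of a real GraphQL library, and limited to flat `mutation { ... }` documents) are assumptions made for illustration.

```javascript
// Schema assumed from the text: type Mutation { increment: Int  decrement: Int }
// Constructed token table (hypothetical): token -> mutations the caller may run.
const TOKENS = new Map([
  ['demo-admin', new Set(['increment', 'decrement'])],
  ['demo-inc-only', new Set(['increment'])],
]);

// Auth context from the traditional HTTP header: "Authorization: Bearer <token>".
function contextFromHeaders(headers) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return { allowed: (m && TOKENS.get(m[1])) || new Set() };
}

function makeResolvers() {
  let counter = 0;
  const impl = { increment: () => ++counter, decrement: () => --counter };
  const resolvers = {};
  // Wrap each resolver so the check runs once per field, not once per request.
  for (const [name, fn] of Object.entries(impl)) {
    resolvers[name] = (ctx) => {
      if (!ctx.allowed.has(name)) throw new Error(`Not authorized: ${name}`);
      return fn();
    };
  }
  return resolvers;
}

// Minimal stand-in for a GraphQL executor: handles only `mutation { a b }`
// and runs the fields serially, recording a per-field error on failure.
function execute(resolvers, headers, source) {
  const ctx = contextFromHeaders(headers);
  const doc = /^\s*mutation\s*\{([^{}]*)\}\s*$/.exec(source);
  if (!doc) return { data: null, errors: [{ message: 'Unsupported document' }] };
  const result = { data: {}, errors: [] };
  for (const field of doc[1].split(/[\s,]+/).filter(Boolean)) {
    try {
      if (!Object.prototype.hasOwnProperty.call(resolvers, field)) {
        throw new Error(`Unknown field: ${field}`);
      }
      result.data[field] = resolvers[field](ctx);
    } catch (err) {
      result.data[field] = null;
      result.errors.push({ message: err.message, path: [field] });
    }
  }
  return result;
}
```

A caller holding `demo-inc-only` who sends both mutations in one request gets the increment applied and a per-field error for the decrement, which a check done only once at the HTTP route would not catch.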