Sharing data across multiple platforms and devices has been a great burden over past years, to find solution to these problem 2000 Microsoft launch SOAP(Simple Object Access Protocol) web service architecture. SOAP is a messaging protocol specifically for exchanging structural data over the internet across multiple devices. But SOAP Web architecture has some flaws which led to development of REST(Representational State Transfer) Web service architecture.
Representational State Transfer (REST) is a software architectural style that defines a set of constraints to be used for creating web services. Web services that conform to the REST architectural style, termed RESTful web services, provide interoperability between computer systems on the Internet. RESTful web services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless operations.
What is GraphQL?
GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.
Graphql is language developed by Facebook team, it was internally used on Facebook product before it was publicly released in 2015, it was aim to provide alternative to traditional REST API architecture. many companies such as twitter, GitHub, PayPal, Shopify,Cousera, Stackshare e.t.c has adopted Graphql API as web service architecture
Advantages Graphql has over Rest (Representational State Transfer)
Not based on HTTP verbs: Graphql does not base it request on POST, GET, DELETE,PUT, PATCH. it doesn't care about the HTTP verb, just send your data it instantly understood the kind of operation your want to perform.
Automated Documentation: Documentation is a very effectual and efficient way of explaining what your web service entails, all the endpoints, endpoint parameters and response data. Graphql provides a nice documentation approach which is auto-documenting. it provides you with every necessary details that has to do with your web service unlike REST architecture that uses third party packages like swagger, Doxygen, Daux etc.
Single endpoint Route: GraphQL exposes only one single endpoint route which will allows you to get your all your data at one shot. Multiple endpoint route on REST has being one of the greatest con's of REST web service and it has great side effect on performance. assuming you need to get twitter user detail using ID as parameter and also get user's tweet and also need to get user's retweet.
with REST Web service you have a trip to the database thrice.. i.e you have a three API endpoint.. But with GraphQL you just need to specify all data you needed in a single trip and you have every data you neededData flexibility and Performance: This allows the client to have full control on the data the web service will be returning, it helps to remove irrelevant data and also optimize performance. GraphQL also provides a playground for client/developer to play around with the data.
Oldest comments (4)
Great introduction! Do you know if the fact that controlling queries on the client affect the app security?
How? Can you try to explain
Since I have played a little bit with the GraphQL playground, I have noted that we can control columns on an object, and I always wondered does any protection exists over which columns can be returned by the server? Let us say your app is querying Users names, and I alter your script on my browser to ask for the password column (which I guessed it exists, and it fact let us imagine it really exists), does the password will be fetched or is there any "field guards" with a black list of field?
from your backend codebase you can determine the object of data you want to return to the client...
for example.. twitter uses graphql and if you want to request for a particular object/data of a user.. it will never return user's password because it has been removed from the column you can play with..
moreover, when you are authenticating a user, it better to use client token verification such as jwt(Json Web Token)