What is GraphQL? introduction & comparison with REST

Author: Jochen Möller (Managing Director and CoFounder of EcholoN) - creation: 07.03.2023, last change: 28.03.2024

Welcome to our comprehensive article on GraphQL! In this article we will explain the basics of GraphQL and compare it to REST. GraphQL is a modern query language for APIs developed by Facebook. It offers many advantages over traditional REST APIs and is being used more and more by developers around the world.

What is GraphQL?

A modern query language for APIs

GraphQL is a modern query language for APIs. It was developed by Facebook in 2012 and allows developers to access data more efficiently and retrieve only the data they need. Unlike REST, where multiple endpoints can exist, GraphQL has a single endpoint through which all queries can be retrieved.

Comparison with REST APIs

Compared to REST APIs, GraphQL offers several advantages. While overfetching or underfetching of data often occurs with REST APIs, GraphQL allows for precise querying and return of data. With GraphQL, developers can specify exactly what data they need and receive only that data back. This leads to efficient data manipulation and optimised data retrieval.

Advantages of GraphQL

GraphQL offers many advantages over REST APIs. It allows for efficient data retrieval as only the data that is needed is retrieved. Moreover, GraphQL is very flexible and allows developers to create complex queries with only a single request. In addition, GraphQL supports various programming languages such as Javascript, Python and Ruby. There is also an active community that supports and develops GraphQL, such as the GraphQL Foundation.

How does GraphQL work?

GraphQL Schema and Type System

The heart of GraphQL is the schema. The schema defines the structure of the data and the possible queries that can be made. The type system of GraphQL allows developers to create clear and understandable API interfaces. The data is defined in terms of objects and fields, which in turn can be linked to each other.

GraphQL syntax and query language

The syntax of GraphQL is similar to that of JSON. Queries are made in the form of so-called "queries". A GraphQL query defines the desired data and its structure. It is also possible to use variables in queries to further increase flexibility. With GraphQL, data can also be mutated by changing, adding or deleting it via so-called "mutations". Subscriptions, like websockets, make it possible to receive real-time updates by establishing a permanent connection channel between client and server.
GraphQL Clients and Endpoints

To work with GraphQL, you need a GraphQL client. A GraphQL client is a software library that can be used to send queries to a GraphQL API. The client handles communication with the GraphQL server and processes the queries and responses. GraphQL supports multiple endpoints, which allows developers to have different functions within one application.

Why is GraphQL efficient?

Reduced overfetching and underfetching

One of the main problems with REST APIs is overfetching or underfetching of data. Overfetching occurs when more data is retrieved than needed, while underfetching means that not enough data is retrieved. With GraphQL, developers can specify exactly what data they need and only get that data back. This eliminates overfetching and underfetching and improves query efficiency.

Efficient data manipulation with GraphQL

GraphQL not only enables efficient querying of data, but also efficient data manipulation. With GraphQL, data can be edited or added through so-called "mutations". Developers can specify exactly which changes are to be made and receive only the relevant information back.

Optimised data retrieval with GraphQL

GraphQL enables optimised data retrieval, as only the required data is retrieved. This eliminates the need for tedious searching of unused data. It also allows developers to create complex queries with just a single query, resulting in improved performance. This flexibility also allows developers to optimise data retrieval and improve response time.

GraphQL vs. REST: Which is better?

Comparison of programming languages for GraphQL and REST

GraphQL is supported by various programming languages such as JavaScript, Python and Ruby. REST is also supported by a wide range of programming languages due to its long market presence. Developers can choose the language that best suits their application.

Differences in the data query process

The data query process differs greatly between GraphQL and REST. With REST, developers have to call multiple endpoints to retrieve all the data they need. With GraphQL, everything can be retrieved in a single query, improving efficiency and reducing traffic.

Developer ease of use comparison

Both GraphQL and REST have their advantages and disadvantages in terms of developer friendliness. GraphQL offers a clear and understandable API interface, while REST offers more freedom in designing the API. The choice between GraphQL and REST depends on the requirements of the project and the preferences of the developers.

What are the risks of using GraphQL for data exchange?

Using GraphQL for data exchange offers many benefits, but also poses some risks and challenges that should be considered during development and implementation.
Here are some of the risks associated with using GraphQL:

Overfetching and Underfetching:

While GraphQL addresses the problem of overfetching (retrieving too much data) and underfetching (not retrieving enough data), there is a risk that developers will still create insufficiently optimised queries. This can lead to inefficient use of resources and affect performance.

Complex queries:

Because GraphQL allows clients to create very complex queries, there is a risk that queries become too complex and retrieve an unnecessary amount of data. This can increase server load and affect performance.

Security risks:

Inadequately secured GraphQL servers can be vulnerable to security attacks. For example, malicious clients could attempt to perform excessive queries or denial-of-service attacks. It is important to implement query limits and security mechanisms to prevent such attacks( reverse proxy / firewall / security software).

Database performance:

When GraphQL queries are mapped directly to databases without proper optimisation, inefficient queries and complex relationships could impact database performance.

Data exposure and privacy:

GraphQL allows clients to request exactly the data they need. This can lead to sensitive data being inadvertently exposed if access control is not properly implemented. Privacy and access control should be carefully considered. Through the use of privileges, separation can be set within EcholoN.

Documentation and training:

Because GraphQL APIs are flexible and strongly typed, their use requires good documentation and training for developers to ensure they can use the API effectively and safely.
Most of these risks can be addressed with careful planning, implementation and monitoring. It is important to use best security practices, optimise performance and keep API documentation up-to-date to effectively take advantage of GraphQL.

Practical use of GraphQL

GraphQL API in a JavaScript application

To use GraphQL in a JavaScript application, you need a GraphQL client such as Apollo Client or Relay. These clients allow you to communicate with the GraphQL API and send queries and mutations. With GraphQL, developers can create precise queries and retrieve only the data they need.

Integrating GraphQL into a cloud environment

GraphQL can also be integrated into a cloud environment. Cloud hosting platforms such as AWS and Heroku offer support for GraphQL applications. Developers can host their GraphQL APIs in the cloud and benefit from the advantages of a scalable and reliable infrastructure.

Request and return data with GraphQL

With GraphQL, developers can specify exactly what data they need and receive only that data back. This enables efficient data retrieval and reduces data traffic. Developers can also create complex queries with just a single request, resulting in improved performance.

Application areas:

APIs for mobile apps and web apps: GraphQL is particularly well suited to applications that have varying data requirements, as clients can only retrieve the data they actually need. This helps to optimise the performance of the applications.
Development processes: GraphQL facilitates collaboration between front-end and back-end developers, as both teams can work independently. Front-end developers can define data requirements directly in their queries without having to wait for back-end changes.
Data Stitching: With GraphQL, data from different sources, such as databases, RESTful APIs and microservices, can be merged into a single query. This makes it possible to create unified interfaces for complex systems.
Real-time web applications: GraphQL can be integrated with WebSockets or other real-time technologies to enable real-time updates in web applications, such as social networks or chat applications.
Prototyping and experimentation: GraphQL makes it easy to prototype API endpoints and experiment with new features, as developers can easily add new fields and queries without affecting the existing API.
Client libraries: There are numerous client libraries for different platforms and programming languages that facilitate the use of GraphQL in applications.
Overall, GraphQL provides an efficient way to exchange data between clients and servers and allows greater flexibility and control over the retrieved data, which is particularly beneficial in modern web and mobile applications.

Example GraphQL query of the EcholoN API

The EcholoN API uses GraphQL to perform queries and mutations. Queries can be used to retrieve information from the database. Specific fields can be defined to retrieve only the required data. This helps to maximise the efficiency of queries and minimise network traffic. On the other hand, mutations allow data to be changed in the database. This allows users to create new data, update existing data or even delete it. For example, process templates can then be addressed with workflows and / or work patterns in the workflow engine. Subscriptions, similar to WebSockets, allow current information to be obtained in real time by establishing a permanent connection channel between the client and the server. The use of GraphQL in the EcholoN API improves the flexibility and performance of the system.

View query

{
views {
    incidents(skip: 2, first: 2, orderBy: ["number_asc"]) {
      id {
        entityId
        itemId
      }
      number
      name
    }
}
}

Reply

{
"data": {
    "views": {
      "incidents": [
        {
          "id": {
            "entityId": "81986bf1-6e94-405d-b9c3-2a2eeb691d88",
            "itemId": "39574653-eb5b-4276-a165-108953db1b08"
          },
          "number": "IM-000002",
          "name": "Monitor flackert"
        },
        {
          "id": {
            "entityId": "81986bf1-6e94-405d-b9c3-2a2eeb691d88",
            "itemId": "8956c73f-f91b-4234-9750-5785b52fda2e"
          },
          "number": "IM-000009",
          "name": "Drucker druckt nicht "
        }
      ]
    }
}
}

Mutation

mutation {
working {
    enqueueChangeTargetDate {
      latest(
        input: {items: [
          {reference: "myref1", identity: {entityId: "81986bf1-6e94-405d-b9c3-2a2eeb691d88", itemId: "9e1c3a25-1d7e-44ad-871f-f76750360fa7"}}],
          title: "Change Date",
          workedOn: "2023-09-06T11:00:00.000Z",
          data: {targetDate: "2023-12-27T11:00:00.000Z"}}
      ) {
        id
        number
        reference
        statusCode
      }
    }
}
}