GraphQL
API - Application Programming Interface
2 min read
This section is 2 min read, full guide is 16 min read
Published Sep 24 2025
8
Show sections list
0
Log in to enable the "Like" button
0
Guide comments
0
Log in to enable the "Save" button
Respond to this guide
Guide Sections
Guide Comments
API
GraphQL is a query language and runtime for APIs, developed by Facebook. Clients can request exactly the data they need, no more, no less.
Key Features
- Single endpoint (e.g.,
/graphql). - Strongly typed schema defines queries and data.
- Client-driven → Clients shape the response.
- Supports queries, mutations, and subscriptions (real-time).
Advantages
- No over/under-fetching → Efficient data transfer.
- Great for frontends with many views and data needs.
- Introspective → Clients can explore available data.
- Ecosystem tools (playgrounds, type safety, auto-generated docs).
Disadvantages
- Steeper learning curve.
- Complex queries can be expensive on servers.
- Caching is harder compared to REST.
- Not ideal for very simple APIs.
Common Use Cases
- Apps with diverse frontend clients (web, mobile).
- Dashboards and data-heavy apps.
- Complex systems where clients need flexibility.
Security
- GraphQL itself doesn’t define authentication — it relies on the underlying HTTP layer.
- Common approaches:
- Bearer tokens / JWT in HTTP headers.
- Session cookies (server-side sessions).
- OAuth 2.0 for delegated access.
- The server resolves queries based on the user identity, often passing a
contextobject containing the authenticated user.
GraphQL Query Example
Suppose you want to get a user’s ID, name, and email:
Request (Query):
POST /graphql
Content-Type: application/json
{
"query": "
query {
user(id: 123) {
id
name
email
}
}
"
}
Explanation:
- The query asks for exactly the fields needed (
id,name,email). - Everything goes through a single endpoint (
/graphql). - No over-fetching; you don’t get extra fields you didn’t ask for.
GraphQL Response Example
The server responds with a JSON object matching the requested fields:
{
"data": {
"user": {
"id": 123,
"name": "Alice",
"email": "alice@example.com"
}
}
}
Explanation:
- The
datakey wraps the result of your query. - Fields match exactly what was requested.
- If there’s an error, you’ll also get an
errorsarray in the response.
GraphQL Mutation Example
Suppose you want to update a user’s email:
{
"query": "
mutation {
updateUser(id: 123, input: { email: \"newemail@example.com\" }) {
id
name
email
}
}
"
}
Response:
{
"data": {
"updateUser": {
"id": 123,
"name": "Alice",
"email": "newemail@example.com"
}
}
}
Notes:
- Mutations are used to create, update, or delete data.
- Like queries, the response only contains the requested fields.
Products from our shop
Docker Cheat Sheet - Print at Home Designs
Docker Cheat Sheet Mouse Mat
Docker Cheat Sheet Travel Mug
Docker Cheat Sheet Mug
Vim Cheat Sheet - Print at Home Designs
Vim Cheat Sheet Mouse Mat
Vim Cheat Sheet Travel Mug
Vim Cheat Sheet Mug
SimpleSteps.guide branded Travel Mug
Developer Excuse Javascript - Travel Mug
Developer Excuse Javascript Embroidered T-Shirt - Dark
Developer Excuse Javascript Embroidered T-Shirt - Light
Developer Excuse Javascript Mug - White
Developer Excuse Javascript Mug - Black
SimpleSteps.guide branded stainless steel water bottle
Developer Excuse Javascript Hoodie - Light
