Wilson Mar bio photo

Wilson Mar

Hello!

Calendar YouTube Github Acronyms

LinkedIn

GraphQL API

Now THIS is the new industry standard that replaces REST API.

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

GraphQL is an API server that sits between client applications and data storage.

To adopt GraphQL,

1) Establish relational (SQL) databases (e.g., MySQL, PostgreSQL, SQL Server, MS Fabric) or NoSQL databases (e.g., MongoDB).

2) create a GraphQL schema by writing GraphQL Schema Definition Language. StepZen provides CLI commands to import a MySQL database and auto-generate GraphQL types and queries. Microsoft Fabric can introspect an existing SQL database and automatically generate a GraphQL schema.

3) create resolver software that fetch or manipulate data corresponding to the GraphQL queries or mutations.

4) client apps.

GraphQL is like a buffet. It allows a single data graph with strongly typed schema to return just as much data as needed from a client. VIDEO: Fireship’s “GraphQL Explained in 100 Seconds”.

http://graphql.org/blog says:

Schema Definition Language (SDL)

GraphQL is a data description language and not a programming language.

GraphQL communicates in a Schema Definition Language (SDL) defined at https://graphql.org/learn/schema

type Query {
  hello(name: String = "stranger"): String
  goodbye: String
}

Glossary

  • A GraphQL Schema is like a contract or agreement between you and the server about what data you can ask for. It tells you what’s available.
  • Queries: These are like questions you ask to get data.
  • Mutations: If you want to add, change, or delete data on the server, you use these.
  • Subscriptions: These let the server send you updates automatically when something changes.
  • Types: The schema talks about different kinds of data models. Basic types like text or numbers help define simple details.
  • Fields: These are specific pieces of data you can ask about. You can also give specific instructions to get exactly what you need.
  • Resolvers: These are like helpers on the server that find the data for you.
  • special commands control what data you get based on certain conditions.
  • smart data fetching: Choose a way to fetch data that automatically handles grouping and storing data efficiently.
  • Over-fetching is when you ask for more information than you really need. It’s like packing too much for a trip.
  • Under-fetching happens when you make too many small requests. It’s like going back and forth to the store because you forgot items.

Community stats

In September 2015, Facebook (now Meta) released GraphQL to the public, after delivering data to Facebook mobile News Feed since 2012.

http://facebook.github.io/graphql

The status of community as of November 5, 2015:

There are Google Groups for specific implementations:

Why?

It was a necessity for Facebook (the world’s busiest mobile app) for these advantages over REST API: GraphQL lets you ask for and get exactly the data desired. This saves time and resources.

  • Perform an introspection query. As the GraphQL schema matures, new data types appear.

  • Make a single call to retrieve (rather than many REST API calls).

  • Response is structured using the same JSON hierarchy as the call. A shared schema language between front-end and back-end. This is hugh.

  • Changes can occur with less fuss (pain) than REST API. No large version migrations.

  • Static queries make loading predictable, and cleaner server metric insights.

  • Schema says which fields are being used, so caching (persisted queries) is possible.

    “With GraphQL, we could simply stop writing API documentation or reading it. I think that’s the dream of every developer.” - by @arunoda

Introspection (understanding of the schema) enables AI to build its own queries. VIDEO: to ask “list droids” from the Star Wars GraphQL schema

countries graphql schema which contains an emoji for each country’s flag.

VIDEO: WinCC Unified MCP Server based on GraphQL

StepZen

StepZen.com (acquired by IBM Feb 2023). VIDEO on YouTube by Dev Advocate Anthony Campolo

  1. Update npm.
  2. Install StepZen CLI and create a project workspace. 
    npm install -g stepzen

    There is no brew stepzen for the

  3. Register for a user account within https://stepzen.net domain us-east-a.ibm.stepzen.net
  4. Run stepzen import mysql to connect to your MySQL database; StepZen introspects tables and creates a GraphQL schema automatically. 
    stepzen login -a johndoe
  5. Configure connection details: What is your admin key? (host, db name, user, password).
  6. Deploy the schema with stepzen start to expose your GraphQL API endpoint.
  7. Query data using GraphQL queries like getCustomerList to fetch records from your MySQL tables.
  8. GraphQL Studio

Servers

GraphQL servers can receive queries using different communication protocols:

  • http/https
  • websockets (remains open to facilitate continuous, bidirectional communication with keep-alive messages):
    • apollo or graphql-ws protocol
    • Phoenix channels
    • AWS AppSync realtime protocol (experimental)

Client software

  • Graphene for Django, SQLAlchemy, or Flask projects on an ActiveState containers server and a opinionated code-first/data-model approach that’s simpler/faster
    • How
    • https://github.com/graphql-python/graphene uses HTTPX Docker of subscription app using
    • https://github.com/graphql-python/graphene-pydantic

  • Ariadne, at ariadnegraphql.org github.com/mirumee/ariadne for schema-first approach that’s more flexibility from structured and process-oriented custom types and async support. Generate fully typed and asynchronous GraphQL client Python code from graphql schema, queries, mutations and subscriptions.
    • https://www.obytes.com/blog/getting-started-with-graphql-in-python-with-fastapi-and-ariadne
    • https://github.com/obytes/FastQL
    • Ariadne support asynchronous resolvers for improved performance.

  • Strawberry (at strawberry.rocks) for async-first type-safe FastAPI driven by Python type-hint annotations. and modern async APIs (especially with FastAPI). Strawberry comes with a mypy plugin that enables statically type-checking your GraphQL schema. Uses poetry to manage dependencies,

  • Urql: A simpler, lightweight option for JavaScript apps that keeps things straightforward.

  • For Low-Level Control: Use graphql-core, the Python reference implementation of the GraphQL spec.

  • Use Hasura for bootstrapping the API and integrate Python for business logic https://hasura.io/learn/graphql/backend-stack/languages/python/

GraphQL clients - Relay vs. Apollo

  • Apollo Server: A package for Node.js that comes with everything you need to get your GraphQL server running smoothly. https://dev-blog.apollodata.com/ is based on React Redux, React Native.

    Apollodata.com/Optics provides metrics: execution traces, field latencies, field usage

Facebook also released Relay - made by Facebook for React apps. It’s all about grabbing data in the most efficient way possible. Relay server that responds to GraphQL queries. It’s a JS framework based on React Redux.

CAUTION: Look at the licensing statements from Facebook. You should not use works from Facebook if you might have a product that might infringe on something Facebook may do in the future, such as any social networking, including IoT.

Authorization Security

VIDEO:

The biggest downside of GraphQL is its “self documenting” query API, which becomes a big attack surface for “Broken Access Control” when untrusted clients have access to its query language.

GraphQL needs to control authorization at the field level.

PROTIP: To protect against DDoS, the GraphQL server needs to estimate the complexity of each query/field so it can block those which exceed those which exceed a set maximum complexity value. Such as deeply nested queries. Such is a difficult calculation.

introspection

Perform an introspection query. As the GraphQL schema matures, new data types appear.

Make a single call to retrieve (rather than many REST API calls).

Response is structured using the same JSON hierarchy as the call.

Changes can occur with less fuss than REST API.

Clients

  1. Visit https://graphene-python.org - Graphene for building servers and mutation classes - the front page for the Python library to build GraphQL APIs.

  2. I have that “hello world” code (with added notes) in my repo at:

    https://github.com/wilsonmar/python-samples/blob/master/graphql-hello.py

    pip install graphene is based on code:

    https://github.com/graphql-python/graphene

  3. When executed, the response from graphene-hello.py is simply:

    Whatever world

  4. graphene-schema-hello.py from https://docs.graphene-python.org/en/stable/quickstart/ describes each Field in the data model provided by the server using scalar types like String, Int and Enum and compound types like List and Object.

    For more details refer to the Object-oriented Graphene Types Reference at https://docs.graphene-python.org/en/stable/types/#typesreference

Referencess about Graphene:

  • https://docs.graphene-python.org/en/stable/

  • https://dev.to/mesadhan/python-flask-graphql-with-graphene-nla

https://www.moesif.com/blog/technical/graphql/Getting-Started-with-Python-GraphQL-Part1/

Post-Graphile is an alternative to Graphene.

https://itnext.io/python-graphql-tips-tricks-and-performance-improvements-beede1f4adb6

Client features

  • Query builder
  • Cache
  • Retry
  • Error handling

  • Rollback

  • Conditional fetching
  • Mutations
  • Fragments group commonly used fields and reuses them.
  • Optimistic UI
  • Pagination

https://hygraph.com/blog/python-graphql

Best Practices

Performance measurement is needed because GraphQL Naively resolving nested fields can cause many redundant database queries (N+1 problem). That leads to poor API performance and slow responses. See https://daily.dev/blog/graphql-best-practices-for-efficient-apis

  • k6: A tool for putting your GraphQL API under pressure to see how well it can handle lots of users at once.

  • Artillery: A tool for testing how much load a GraphQL API can take before it starts to slow down or have problems.

  • Input validation: Always check types and required values before calling mutations.
  • Error handling: Check for errors in the API response and handle them gracefully.
  • Atomic operations: Ensure mutations are fully completed or rolled back on error.
  • Return updated data: Design mutations to return the new/updated object.
  • Pagination and batching: For queries, use offset/cursor pagination and minimize round-trips.

Rock Stars

OG GraphQL co-creators at Facebook:

  • Lee Byron (@leeb, leebyron.com)

  • Nicolas Schrock

  • Daniel Schafer

Relay creators at Facebook:

  • Joe Savona (@en_JS)

  • Steven Luscher

  • Greg Hurrell

Meteor Development Group / ApolloData.com / GitHub.com/apollostack

  • CEO Geoff Schmidt (@immir)

  • VP of Product Matt DeBergalis

  • Sashko Stubailo (@stubailo) Slidshare

  • Apollo Services Danielle Man (@danimman)

User GitHub:

  • Brandon Black

User Coursera:

  • Brennan Saeta (@bsaeta)

  • Founder Andrew Ng (@AndrewYNg) on Machine Learning

Users:

  • Kenton Jacobsen from Conde Nast
  • Nick Nance from Credit Karma
  • Mike Isman from Hudl
  • Aaron Weiker from Concur

PowerShellforGitHubGraphQL module

I couldn’t find a PSGallery module for referencing GitHub’s GraphQL, so I set out to create one when that’s what Karol Kaczmarek suggested I do.

PowerShell for GitHub GraphQL

Resources

The Awesome list for GraphQL

DataLoader to reduce over-fetching (one record several times)

Neo4j Online Meetup - Creating a GraphQL Api with Neo4j by Mark Needham

BOOK: https://learning.oreilly.com/library/view/learning-graphql/9781492030706/ Learning GraphQL by Eve Porcello, Alex Banks August 2018

Licensed Hygraph provides enterprises a headless CMS

More on API Microservices

This is one of a series:

GraphQL API was published on .