Now THIS is the new industry standard that replaces REST API.
Overview
GraphQL is an API server that sits between client applications and data storage.
To adopt GraphQL,
1) Establish relational (SQL) databases (e.g., MySQL, PostgreSQL, SQL Server, MS Fabric) or NoSQL databases (e.g., MongoDB).
2) create a GraphQL schema by writing GraphQL Schema Definition Language. StepZen provides CLI commands to import a MySQL database and auto-generate GraphQL types and queries. Microsoft Fabric can introspect an existing SQL database and automatically generate a GraphQL schema.
3) create resolver software that fetch or manipulate data corresponding to the GraphQL queries or mutations.
4) client apps.
GraphQL is like a buffet. It allows a single data graph with strongly typed schema to return just as much data as needed from a client. VIDEO: Fireship’s “GraphQL Explained in 100 Seconds”.
http://graphql.org/blog says:
Schema Definition Language (SDL)
GraphQL is a data description language and not a programming language.
GraphQL communicates in a Schema Definition Language (SDL) defined at https://graphql.org/learn/schema
type Query { hello(name: String = "stranger"): String goodbye: String }
Glossary
- A GraphQL Schema is like a contract or agreement between you and the server about what data you can ask for. It tells you what’s available.
- Queries: These are like questions you ask to get data.
- Mutations: If you want to add, change, or delete data on the server, you use these.
- Subscriptions: These let the server send you updates automatically when something changes.
- Types: The schema talks about different kinds of data models. Basic types like text or numbers help define simple details.
- Fields: These are specific pieces of data you can ask about. You can also give specific instructions to get exactly what you need.
- Resolvers: These are like helpers on the server that find the data for you.
- special commands control what data you get based on certain conditions.
- smart data fetching: Choose a way to fetch data that automatically handles grouping and storing data efficiently.
- Over-fetching is when you ask for more information than you really need. It’s like packing too much for a trip.
- Under-fetching happens when you make too many small requests. It’s like going back and forth to the store because you forgot items.
Community stats
In September 2015, Facebook (now Meta) released GraphQL to the public, after delivering data to Facebook mobile News Feed since 2012.
http://facebook.github.io/graphql
The status of community as of November 5, 2015:
- 4,376 followers of Twitter account @GraphQL
- 2,328 registered on Facebook’s GraphQL Slack channel managed by Bruno Lemos.
- 540 answers tagged on StackOverflow
- 519 members who joined Facbook’s GraphQL group
- 350 attended the first #graphqlsummit (hosted by Apollo) October 26, 2016 in San Francisco
- 4,500 videos with the name on YouTube
- 45 presentations on SlideShare
- 149 members in the “GraphQL User Group” on LinkedIn which succinctly describes GraphQL thus:
There are Google Groups for specific implementations:
Why?
It was a necessity for Facebook (the world’s busiest mobile app) for these advantages over REST API: GraphQL lets you ask for and get exactly the data desired. This saves time and resources.
-
Perform an introspection query. As the GraphQL schema matures, new data types appear.
-
Make a single call to retrieve (rather than many REST API calls).
-
Response is structured using the same JSON hierarchy as the call. A shared schema language between front-end and back-end. This is hugh.
-
Changes can occur with less fuss (pain) than REST API. No large version migrations.
-
Static queries make loading predictable, and cleaner server metric insights.
-
Schema says which fields are being used, so caching (persisted queries) is possible.
“With GraphQL, we could simply stop writing API documentation or reading it. I think that’s the dream of every developer.” - by @arunoda
Introspection (understanding of the schema) enables AI to build its own queries. VIDEO: to ask “list droids” from the Star Wars GraphQL schema
countries graphql schema which contains an emoji for each country’s flag.
VIDEO: WinCC Unified MCP Server based on GraphQL
StepZen
StepZen.com (acquired by IBM Feb 2023). VIDEO on YouTube by Dev Advocate Anthony Campolo
- Update npm.
- Install StepZen CLI and create a project workspace.
npm install -g stepzen
There is no brew stepzen for the
- Register for a user account within https://stepzen.net domain us-east-a.ibm.stepzen.net
- Run stepzen import mysql to connect to your MySQL database; StepZen introspects tables and creates a GraphQL schema automatically.
stepzen login -a johndoe
- Configure connection details: What is your admin key? (host, db name, user, password).
- Deploy the schema with stepzen start to expose your GraphQL API endpoint.
- Query data using GraphQL queries like getCustomerList to fetch records from your MySQL tables.
- GraphQL Studio
Servers
GraphQL servers can receive queries using different communication protocols:
- http/https
- websockets (remains open to facilitate continuous, bidirectional communication with keep-alive messages):
- apollo or graphql-ws protocol
- Phoenix channels
- AWS AppSync realtime protocol (experimental)
Client software
- Graphene for Django, SQLAlchemy, or Flask projects on an ActiveState containers server and a opinionated code-first/data-model approach that’s simpler/faster
- How
- https://github.com/graphql-python/graphene uses HTTPX Docker of subscription app using
- https://github.com/graphql-python/graphene-pydantic
- Ariadne, at ariadnegraphql.org github.com/mirumee/ariadne for schema-first approach that’s more flexibility from structured and process-oriented custom types and async support. Generate fully typed and asynchronous GraphQL client Python code from graphql schema, queries, mutations and subscriptions.
- https://www.obytes.com/blog/getting-started-with-graphql-in-python-with-fastapi-and-ariadne
- https://github.com/obytes/FastQL
- Ariadne support asynchronous resolvers for improved performance.
-
Strawberry (at strawberry.rocks) for async-first type-safe FastAPI driven by Python type-hint annotations. and modern async APIs (especially with FastAPI). Strawberry comes with a mypy plugin that enables statically type-checking your GraphQL schema. Uses poetry to manage dependencies,
-
Urql: A simpler, lightweight option for JavaScript apps that keeps things straightforward.
-
For Low-Level Control: Use graphql-core, the Python reference implementation of the GraphQL spec.
- Use Hasura for bootstrapping the API and integrate Python for business logic https://hasura.io/learn/graphql/backend-stack/languages/python/
GraphQL clients - Relay vs. Apollo
-
Apollo Server: A package for Node.js that comes with everything you need to get your GraphQL server running smoothly. https://dev-blog.apollodata.com/ is based on React Redux, React Native.
Apollodata.com/Optics provides metrics: execution traces, field latencies, field usage
Facebook also released Relay - made by Facebook for React apps. It’s all about grabbing data in the most efficient way possible. Relay server that responds to GraphQL queries. It’s a JS framework based on React Redux.
CAUTION: Look at the licensing statements from Facebook. You should not use works from Facebook if you might have a product that might infringe on something Facebook may do in the future, such as any social networking, including IoT.
-
graphql-yoga: Another Node.js server option that’s easy to set up and use.
-
gql
An alternative is SPARQL used in IoT.
Scaphold.io provides a SaaS cloud platform using either Relay or Apollo starter kits at
https://github.com/scaphold-io and explained on their YouTube channel
Authorization Security
The biggest downside of GraphQL is its “self documenting” query API, which becomes a big attack surface for “Broken Access Control” when untrusted clients have access to its query language.
GraphQL needs to control authorization at the field level.
PROTIP: To protect against DDoS, the GraphQL server needs to estimate the complexity of each query/field so it can block those which exceed those which exceed a set maximum complexity value. Such as deeply nested queries. Such is a difficult calculation.
introspection
Perform an introspection query. As the GraphQL schema matures, new data types appear.
Make a single call to retrieve (rather than many REST API calls).
Response is structured using the same JSON hierarchy as the call.
Changes can occur with less fuss than REST API.
Clients
-
Visit https://graphene-python.org - Graphene for building servers and mutation classes - the front page for the Python library to build GraphQL APIs.
-
I have that “hello world” code (with added notes) in my repo at:
https://github.com/wilsonmar/python-samples/blob/master/graphql-hello.py
pip install graphene is based on code:
-
When executed, the response from graphene-hello.py is simply:
Whatever world
-
graphene-schema-hello.py from https://docs.graphene-python.org/en/stable/quickstart/ describes each Field in the data model provided by the server using scalar types like String, Int and Enum and compound types like List and Object.
For more details refer to the Object-oriented Graphene Types Reference at https://docs.graphene-python.org/en/stable/types/#typesreference
Referencess about Graphene:
-
https://docs.graphene-python.org/en/stable/
-
https://dev.to/mesadhan/python-flask-graphql-with-graphene-nla
https://www.moesif.com/blog/technical/graphql/Getting-Started-with-Python-GraphQL-Part1/
Post-Graphile is an alternative to Graphene.
https://itnext.io/python-graphql-tips-tricks-and-performance-improvements-beede1f4adb6
Client features
- Query builder
- Cache
- Retry
- Error handling
-
Rollback
- Conditional fetching
- Mutations
- Fragments group commonly used fields and reuses them.
- Optimistic UI
- Pagination
https://hygraph.com/blog/python-graphql
Best Practices
Performance measurement is needed because GraphQL Naively resolving nested fields can cause many redundant database queries (N+1 problem). That leads to poor API performance and slow responses. See https://daily.dev/blog/graphql-best-practices-for-efficient-apis
- k6: A tool for putting your GraphQL API under pressure to see how well it can handle lots of users at once.
-
Artillery: A tool for testing how much load a GraphQL API can take before it starts to slow down or have problems.
- Input validation: Always check types and required values before calling mutations.
- Error handling: Check for errors in the API response and handle them gracefully.
- Atomic operations: Ensure mutations are fully completed or rolled back on error.
- Return updated data: Design mutations to return the new/updated object.
- Pagination and batching: For queries, use offset/cursor pagination and minimize round-trips.
Rock Stars
OG GraphQL co-creators at Facebook:
-
Lee Byron (@leeb, leebyron.com)
-
Nicolas Schrock
-
Daniel Schafer
Relay creators at Facebook:
-
Joe Savona (@en_JS)
-
Steven Luscher
-
Greg Hurrell
Meteor Development Group / ApolloData.com / GitHub.com/apollostack
-
CEO Geoff Schmidt (@immir)
-
VP of Product Matt DeBergalis
-
Sashko Stubailo (@stubailo) Slidshare
-
Apollo Services Danielle Man (@danimman)
User GitHub:
- Brandon Black
User Coursera:
-
Brennan Saeta (@bsaeta)
-
Founder Andrew Ng (@AndrewYNg) on Machine Learning
Users:
- Kenton Jacobsen from Conde Nast
- Nick Nance from Credit Karma
- Mike Isman from Hudl
- Aaron Weiker from Concur
PowerShellforGitHubGraphQL module
I couldn’t find a PSGallery module for referencing GitHub’s GraphQL, so I set out to create one when that’s what Karol Kaczmarek suggested I do.
Resources
DataLoader to reduce over-fetching (one record several times)
Neo4j Online Meetup - Creating a GraphQL Api with Neo4j by Mark Needham
BOOK: https://learning.oreilly.com/library/view/learning-graphql/9781492030706/ Learning GraphQL by Eve Porcello, Alex Banks August 2018
Licensed Hygraph provides enterprises a headless CMS
More on API Microservices
This is one of a series:
- API Portals
- GraphQL API
- GitHub API
- GitHub GraphQL API
- API Swagger
- API Design Tools
- API Design
- API Programming
- REST API Responses
- API Management Evaluation
- API Management by Microsoft Azure
- API Management by Amazon
- PowerShell GitHub API Programming
- PowerShell API Programming
- PowerShell Desired State Configuration
- PowerShell on Mac