Over GraphQL: 6 Years Later, Here's Why

BY Mark Howell, 30 May 2024, 4 mins read

Today in Edworking News we want to talk about GraphQL. GraphQL is an incredible piece of technology that has captured a lot of mindshare since I first started slinging it in production in 2018. You won't have to look far back on this (rather inactive) blog to see I have previously championed this technology. After building many a React SPA on top of a hodgepodge of untyped JSON REST APIs, I found GraphQL a breath of fresh air. I was truly a GraphQL hype train member. However, as the years have gone on and I have had the opportunity to deploy to environments where non-functional requirements like security, performance, and maintainability were more of a concern, my perspective has changed. In this article I would like to take you through why, today, I would not recommend GraphQL to most people, and what I think are better alternatives. Throughout I will use Ruby code with the excellent graphql-ruby library for examples, but I believe many of these problems are ubiquitous across choice of language / GraphQL library. If you know of better solutions and mitigations, please do leave a comment. Now, let's begin…

Attack Surface

Exposing a query language like GraphQL to untrusted clients increases the attack surface of the application. This comes with multiple risks:

  • Authorisation: If you expose a fully self-documenting query API to all clients, every field must be properly authorised against the current user, not just the top-level endpoint.

  • Rate Limiting: You can no longer assume that all requests cost the server the same amount of work, so a simple per-request limit is not enough; one query can request orders of magnitude more data than another.

  • Query Parsing: Queries must be parsed before execution, which can lead to significant performance issues if not managed correctly.

[Figure: GraphQL's extensive query and response cycle can expose significant attack surfaces]
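To make the rate-limiting point concrete, here is an added example (not code from the original post, and plain Ruby rather than graphql-ruby) that estimates how much work a query requests before executing it. It parses a subset of the query language (nested selection sets and an optional `first:` argument) and scores it with an assumed cost model: each field costs 1, and a `first: N` argument multiplies everything beneath that field by N. The limit value is also an assumption.

```ruby
# Added example: score a GraphQL query by estimated cost and depth so it can
# be rejected or rate-limited by work requested, not by request count.
Node = Struct.new(:name, :first, :children)

def tokenize(query)
  query.scan(/\{|\}|\(|\)|:|[A-Za-z_][A-Za-z0-9_]*|\d+/)
end

# Parses "{ field(first: N) { ... } ... }" into a list of Nodes.
def parse_selection(tokens)
  children = []
  tokens.shift # consume "{"
  until tokens.first == "}"
    name = tokens.shift
    first = nil
    if tokens.first == "("
      tokens.shift
      until tokens.first == ")"
        arg = tokens.shift
        tokens.shift # ":"
        val = tokens.shift
        first = val.to_i if arg == "first"
      end
      tokens.shift # ")"
    end
    kids = tokens.first == "{" ? parse_selection(tokens) : []
    children << Node.new(name, first, kids)
  end
  tokens.shift # consume "}"
  children
end

# Cost model (assumption): 1 per field; `first: N` multiplies subtree by N.
def cost(nodes)
  nodes.sum { |n| 1 + (n.first || 1) * cost(n.children) }
end

def depth(nodes)
  return 0 if nodes.empty?
  1 + nodes.map { |n| depth(n.children) }.max
end

def query_cost(query)
  tree = parse_selection(tokenize(query))
  { cost: cost(tree), depth: depth(tree) }
end

MAX_COST = 5_000 # assumed budget per request
def allowed?(query)
  query_cost(query)[:cost] <= MAX_COST
end
```

A three-level nested list such as `users(first: 100) { posts(first: 50) { comments(first: 20) { body } } }` scores over a hundred thousand under this model and is rejected, while `{ viewer { id name } }` scores 3.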

Performance Issues

The most discussed performance issue with GraphQL is its incompatibility with HTTP caching. However, there are more pressing issues:

  • Data Fetching and the N+1 Problem: This problem arises when a field resolver hits an external source (database, HTTP service) once for every item in a list, turning one logical request into N+1 round trips.

  • Authorisation and the N+1 Problem: Authorisation logic within GraphQL can introduce significant performance overheads.
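Both N+1 problems above have the same shape, so here is one added example (not from the original post, plain Ruby with an in-memory stand-in for the database) showing a naive per-item resolver beside a dataloader-style batch loader. The same key-collecting trick applies to per-field authorisation lookups: collect the items first, answer "can this user see these?" in one query, then resolve. All data and the `FakeDB` class are constructed for the example.

```ruby
# Added example: the N+1 pattern behind a naive GraphQL resolver, and a
# batching loader that collapses it into one round trip.
POSTS = [{ id: 1, author_id: 10 }, { id: 2, author_id: 11 }, { id: 3, author_id: 10 }]
USERS = { 10 => { id: 10, name: "ada" }, 11 => { id: 11, name: "linus" } }

class FakeDB
  attr_reader :query_count
  def initialize
    @query_count = 0
  end

  # Stand-in for "SELECT * FROM users WHERE id IN (...)"; counts each call.
  def users_where_id_in(ids)
    @query_count += 1
    USERS.values_at(*ids.uniq).compact
  end
end

# Naive resolver: resolves `author` once per post, so N posts cost N queries.
def resolve_authors_naive(db, posts)
  posts.map { |p| db.users_where_id_in([p[:author_id]]).first[:name] }
end

# Batch loader: resolvers register the keys they need and get back a lazy
# value; one flush fetches every key at once, then the lazies are read.
class BatchLoader
  def initialize(db)
    @db = db
    @pending = []
    @cache = {}
  end

  def load(id)
    @pending << id
    -> { @cache[id] }
  end

  def flush
    rows = @db.users_where_id_in(@pending)
    @cache = rows.to_h { |u| [u[:id], u] }
    @pending.clear
  end
end

def resolve_authors_batched(db, posts)
  loader = BatchLoader.new(db)
  lazies = posts.map { |p| loader.load(p[:author_id]) }
  loader.flush
  lazies.map { |l| l.call[:name] }
end
```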

Coupling and Complexity

GraphQL forces your business logic into the transport layer through:

  • Authorisation framework integration

  • Dataloader abstractions

  • Extensive integration testing

Together these pull a great deal of logic into the API layer and add significant complexity to the codebase.


Alternatives

If GraphQL isn't the right fit, an OpenAPI 3.0+ compliant JSON REST API might be a better solution. This approach offers the same self-documenting and type-safe nature without the excessive complexity.

Implementation Approaches

  1. Implementation First: Generates OpenAPI specs from a typed / type-hinted server.

  2. Specification First: Generates code from a hand-written spec. TypeSpec offers a promising solution for this approach.

Remember these 3 key ideas for your startup:

  1. Security Matters: Exposing a query language like GraphQL to untrusted clients increases the attack surface. Authorisation and rate limiting must be meticulously managed.

  2. Performance Hurdles: Be aware of the N+1 problem and query parsing overheads, both of which can become significant performance bottlenecks.

  3. Simpler Solutions Exist: An OpenAPI 3.0+ compliant JSON REST API offers similar benefits to GraphQL but with reduced complexity, making it a better fit for many startups and SMEs.

