GraphQL Flashcards
Apollo
a platform which provides us all the tools for implementing a GQL server.
Resolvers:
functions that are responsible for return values for fields that exists within types in a schema.
Resolvers allow us to define the mapping of the queries we’ve defined in our schema to the data source method which returns the data.
Input Types
just like types, but for arguments
you can only use them for arguments
all fields eventually have to resolve to a scalar
within schema, instead of using type Type {}, use input {}, besides that it is exactly the same
Mutation:
a type on a schema that defines operations clients can perform mutate data(Create Update Delete)
define mutation type on schema using SDL
add fields for mutation type
add args for mutation fields
create resolvers for mutation fields
Query:
describes the data that we can fetch.
Is GraphQL a Database Technology?
No. GraphQL is often confused with being a database technology. This is a misconception, GraphQL is a query language for APIs - not databases. In that sense it’s database agnostic and can be used with any kind of database or even no database at all.
What is GraphQL?
GraphQL is a query language which provides a common interface between the client and the server for data fetching and manipulations.
The client asks for various data from the GraphQL server via queries. The response format is described in the query and defined by the client instead of the server: they are called client‐specified queries. The structure of the data is not hardcoded as in traditional REST APIs - this makes retrieving data from the server more efficient for the client.
How to do Error Handling?
A successful GraphQL query is supposed to return a JSON object with a root field called “data”. If the request fails or partially fails (e.g. because the user requesting the data doesn’t have the right access permissions), a second root field called “errors” is added to the response:
{
“data”: { … },
“errors”: [ … ]
}
What is GraphQL schema?
Every GraphQL server has two core parts that determine how it works: a schema and resolve functions.
The schema is a model of the data that can be fetched through the GraphQL server. It defines what queries clients are allowed to make, what types of data can be fetched from the server, and what the relationships between these types are.
How to do Server-side Caching?
One common concern with GraphQL, especially when comparing it to REST, are the difficulties to maintain server-side cache. With REST, it’s easy to cache the data for each endpoint, since it’s sure that the structure of the data will not change.
With GraphQL on the other hand, it’s not clear what a client will request next, so putting a caching layer right behind the API doesn’t make a lot of sense.
Server-side caching still is a challenge with GraphQL.
How to do Authentication and Authorization?
Authentication and authorization are often confused. Authentication describes the process of claiming an identity. That’s what you do when you log in to a service with a username and password, you authenticate yourself. Authorization on the other hand describes permission rules that specify the access rights of individual users and user groups to certain parts of the system.
Authentication in GraphQL can be implemented with common patterns such as OAuth.
To implement authorization, it is recommended to delegate any data access logic to the business logic layer and not handle it directly in the GraphQL implementation.
List the key concepts of the GraphQL query language
Hierarchical Product‐centric Strong‐typing Client‐specified queries Introspective
Explain the main difference between REST and GraphQL
The main and most important difference between REST and GraphQL is that GraphQL is not dealing with dedicated resources, instead everything is regarded as a graph and therefore is connected and can be queried to app exact needs.
What are the disadvantages of GraphQL
-queries always return a HTTP status code of 200 , regardless of whether or not that query was successful.
-server side caching gets complicated since endpoints aren’t clearly defined.
however, most libs built in GQL have caching features out of the box.
-rate limiting which has more to do with what individual companies decide based on their metrics.
How do you prevent nested attack on GraphQL server?
Query Validation: server tries to determine if there are serious errors within the query
Query Timeout: adding a timeout to the query.
Query Whitelisting: create a list of allowed queries ahead of time.
Query Cost Limiting: you can assign a cost do various queries.
