惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
B
Blog RSS Feed
W
WeLiveSecurity
I
InfoQ
L
Lohrmann on Cybersecurity
Simon Willison's Weblog
Simon Willison's Weblog
腾讯CDC
S
Schneier on Security
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Threat Research - Cisco Blogs
P
Palo Alto Networks Blog
Attack and Defense Labs
Attack and Defense Labs
I
Intezer
Recent Commits to openclaw:main
Recent Commits to openclaw:main
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
Cisco Talos Blog
Cisco Talos Blog
T
The Exploit Database - CXSecurity.com
S
Securelist
T
Tailwind CSS Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Stack Overflow Blog
Stack Overflow Blog
T
Tor Project blog
博客园 - 叶小钗
Engineering at Meta
Engineering at Meta
Microsoft Security Blog
Microsoft Security Blog
Project Zero
Project Zero
C
Cybersecurity and Infrastructure Security Agency CISA
Apple Machine Learning Research
Apple Machine Learning Research
V
Visual Studio Blog
Know Your Adversary
Know Your Adversary
T
The Blog of Author Tim Ferriss
N
News and Events Feed by Topic
小众软件
小众软件
G
Google Developers Blog
F
Full Disclosure
O
OpenAI News
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
TaoSecurity Blog
TaoSecurity Blog
U
Unit 42
Jina AI
Jina AI
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
Y
Y Combinator Blog
N
News and Events Feed by Topic
K
Kaspersky official blog

Max Stoiber's Essays

Save polish for where it matters How I get things done How I run gratitude circles How to present to executives Message me whenever How I manage my todos as a CEO How to run recurring virtual meetings efficiently How to have great taste How to be great at storytelling How we make brainstorming work How do you invent the future? Being unreasonably responsive has made my projects more successful Why I'm vigorous about giving feedback How to ship faster How to be better at making decisions How I tend to my digital garden David Cain: Do Quests, Not Goals Deliberate practice beats every other form of training, even via transfer learning How we foster deeper connections in our remote team Why I don't compliment people for their talent How can you slow down life? (which is perceptually half over by 23) 1:1s are for personal connection, not project updates Developer tools startups are playing on hard mode Developer tools are different than tools for any other profession Why I Love Tailwind Margin considered harmful I am joining Gatsby Why I Write CSS in JavaScript Tech Choices I Regret at Spectrum Streaming Server-Side Rendering and Caching
You probably don't need GraphQL
Max Stoiber · 2024-04-10 · via Max Stoiber's Essays

I asked, “Why are you not using GraphQL?” on Twitter, and most of the 150+ responses were some form of “I don’t need it.”

And they are right: they probably don’t need GraphQL!

You might be surprised to read that from the co-founder of a GraphQL company.

Let me explain.

Why you probably don’t need GraphQL

Shortly after its release by Facebook in 2015 (almost ten years ago!), GraphQL got a lot of hype because it enabled building typesafe APIs with a better developer experience than any other API. All kinds of people adopted it, including:

  1. Early-stage startups with small teams
  2. Indie hackers building their MVPs
  3. Companies building products without a UI
  4. Microservice teams for service-to-service communication
  5. Even database engine teams as their query language

But GraphQL wasn’t made for those use cases.

Facebook invented GraphQL as a central intermediary layer between their many end-user-facing clients and many data sources. They made a new language (and thus toolchain) to enable it to work across microservices written in different languages.

That makes it a heavy-handed solution for the problem of “I want client-side data access to be typesafe.” Inevitably, better solutions for those use cases emerged (like tRPC) and overtook GraphQL in adoption. And, with the advent of React server components, many of these use cases are yet again poised to be even further simplified.

So then, who even needs GraphQL?

The difficulty of answering “Who needs GraphQL?” is that GraphQL solves many different problems. When you speak with two people who use it, you will inevitably get two different answers about why they’re using it.

Not only that, but GraphQL doesn’t obviously solve all of these many different problems; many just kind of… disappear when you’re using GraphQL. That makes it difficult to realize that GraphQL solves them because you “have to have been there before” to see which problems quietly disappeared.

I would know: as part of my job of running a GraphQL company, I’ve spent the last three years speaking with thousands of engineers at hundreds of companies about their APIs, especially ones building with GraphQL.

Let me summarize what they’ve told me about the problems GraphQL solved for them and how it did.

The problems that GraphQL solves

1. Mobile apps break periodically after API changes

GraphQL only returns the fields the client explicitly requests, so new capabilities can be added by adding new types or fields, which is never a breaking change for existing clients.

On top of that, you can monitor which clients are using which fields because they have to specify exactly which data they need.

2. Slow loading times because of request waterfalls and/or overfetching

With GraphQL, a client sends one request for all the data it needs to render the whole page/view, and the server resolves all of it and sends it back in one response—without the duplication introduced by BFFs. (the client can even ask the server to stream above-the-fold data first with the @defer and @stream directives)

3. Difficult maintenance and endpoint discovery due to hundreds of duplicative one-off endpoints

GraphQL centralizes the data access of each entity/resource. When an underlying microservice or database changes how it manages its data, that change only has to be applied to the single, central place in the API layer rather than having to update many endpoints or BFFs.

Going one step further, GraphQL enables clients to specify their data needs on a component level with fragments. (e.g., a UserAvatar component can abstractly specify that it needs UserType.avatarUrl) So, even on the client, changes must be applied only to the specific components the change is related to!

4. Security and performance are a game of whack-a-mole

GraphQL is the central data access layer for clients, so you can enforce security and performance SLAs at as fine-grained a level as you need. Similarly to per-endpoint for REST APIs, you can enforce limits per-operation in GraphQL, but you can also go more fine-grained and limit per-type or even per-field.


If your company is running into one (or more!) of these problems, you owe it to yourselves to consider adding GraphQL to your stack.

If you don’t have any of these problems today, you might wonder, “When will I hit these problems?” The answer is that it’s difficult to predict because it depends on your specific use case. Some companies scale to 50 engineers and millions of users without hitting any of these problems. Others hit multiple of these problems while building their MVPs.

To give some guidance from my experience: at the latest when you have 100+ engineers, you will likely run into at least one of these problems.

That’s why most of the responders to my tweet were right: they probably don’t need GraphQL.

One thing is for certain, though: whenever you hit any of these problems, GraphQL will be there to solve them for you.