GraphQL Best Practices
The GraphQL specification is intentionally silent on a handful of important issues facing APIs, such as dealing with the network, authorization, and pagination. This doesn’t mean that there aren’t solutions for these issues when using GraphQL, just that they’re outside the description of what GraphQL is and are instead just common practice.
The articles in this section should not be taken as gospel, and in some cases may rightfully be ignored in favor of some other approach. Some articles introduce some of the philosophy developed within Facebook around designing and deploying GraphQL services, while others are more tactical suggestions for solving common problems like serving over HTTP and performing authorization.
Thinking in Graphs: Model your business domain as a graph
Serving over HTTP: Handle GraphQL requests on HTTP servers
Authorization: Delegate authorization logic to the business logic layer
Pagination: Allow clients to traverse lists of objects with a consistent field pagination model
Schema Design: Design and evolve a type system over time without versions
Global Object Identification: Consistent object access enables simple caching and object lookups
Caching: Provide Object Identifiers so clients can build rich caches
Performance: Optimize the execution and delivery of GraphQL responses
Security: Protect GraphQL APIs from malicious operations