Introduction: What is GraphQL?
GraphQL is:
- A query language used to request data
- A runtime that executes those queries
- An API design that usually works on one single endpoint
Instead of returning a fixed response like REST, the API provides flexible data fetching, allowing the client to request exactly what it needs. This makes the API more frontend-friendly and adaptable to changing UI requirements.
Why GraphQL?
Nowadays, applications like React apps, Angular apps, and mobile apps need APIs that are flexible and fast.
Frontend developers usually expect:
Frontend developers usually expect:
- Only required data
- Less number of API calls
- Faster UI development
But when we use traditional REST APIs, we often face problems like:
- API sends extra data that UI never uses
- Multiple APIs are needed for one screen
- Any UI change forces backend API changes
Because of these issues, GraphQL becomes a good solution.
It allows the client (frontend) to decide what data it wants, instead of backend forcing a fixed response.
It allows the client (frontend) to decide what data it wants, instead of backend forcing a fixed response.
REST vs GraphQL
REST API
GET /api/products
This returns many fields even if UI needs only product name and price.
GraphQL
query {
products {
name
price
}
}
This returns only name and price, nothing extra.
This is the biggest advantage of GraphQL.
This is the biggest advantage of GraphQL.
Why GraphQL is Better Than REST (Practical View)
- UI gets only required data
- One endpoint works for many clients
- No unnecessary payload
- Backend does not change for UI changes
This makes frontend and backend more independent.
When Should You Use GraphQL?
GraphQL is good when:
- Frontend has heavy UI logic
- Same backend is used by web and mobile apps
- UI keeps changing frequently
- You want to reduce network calls
GraphQL is not ideal when:
- Application is very simple CRUD
- API mainly handles file uploads/downloads
- Strong HTTP caching is a top requirement
Setting Up GraphQL in .NET Core (Working Example)
Create a New Project
dotnet new webapi -n GraphQLDemo
cd GraphQLDemo
This creates a basic ASP.NET Core Web API project.
Install Required Packages
dotnet add package GraphQL
dotnet add package GraphQL.Server.Transports.AspNetCore
dotnet add package GraphQL.Server.Ui.GraphiQL
These packages help us:
- Define GraphQL schema
- Run GraphQL queries
- Use GraphQL GraphiQL UI
Product Model
What this code does
- Creates a simple C# class
- Represents a product entity
Why this is required
- GraphQL works with strongly typed objects
- This model acts as the data source
- In real projects, this usually maps to a database table
So this model is the base of our GraphQL response.
ProductType (GraphQL Object Type)
What this code does
- Converts the C# Product class into a GraphQL type
- Exposes fields like id, name, and price
Why this is required
- GraphQL does not directly expose C# models
- You must clearly define which fields are allowed
Security benefit
Only fields defined here can be queried, so sensitive data is automatically protected.
ProductQuery (Query Resolver)
What this code does
- Creates a GraphQL query named products
- Defines how product data is fetched
- Executes resolver logic when query runs
Why this is required
- GraphQL needs resolver logic to get data
- This is similar to a controller method in Web API
In real projects, resolver usually calls:
- Service layer
- EF Core
- External APIs
Resolver acts as a bridge between query and data.
AppSchema (GraphQL Schema)
What this code does
- Registers all available queries
- Acts as the main entry point for GraphQL execution
Why this is required
- GraphQL cannot work without schema
- Schema defines:
- Available queries
- Available mutations (later)
Schema is the contract between frontend and backend.
Registering GraphQL Services (Dependency Injection)
What this code does
- Registers GraphQL components in ASP.NET Core DI
- Allows GraphQL to resolve dependencies properly
Why this is required
- GraphQL.NET depends on dependency injection.
- Without this:
- Schema won’t load
- Queries will fail
This follows normal ASP.NET Core best practices
Add GraphQL Configuration
What this code does
- Enables GraphQL in ASP.NET Core
- Configures JSON serialization
Why this is required
- GraphQL responses are returned in JSON format
- Uses System.Text.Json for better performance
- Registers GraphQL middleware internally
Without this setup, GraphQL endpoint won’t work.
GraphQL Middleware Configuration
What this code does
- UseGraphQL<ISchema>() exposes /graphql endpoint
- UseGraphQLGraphiQL() provides UI to test queries
Why this is required
- GraphQL works over HTTP
- Middleware connects HTTP request to GraphQL engine
GraphiQL helps developers:
- Test queries
- Explore schema
- Debug responses
GraphiQL should be disabled in production.
GraphQL Query Example
query {
products {
id
name
price
}
}
What happens here
- Client requests only required fields
- products resolver is executed
Why this is powerful
- No over-fetching
- One backend supports multiple UIs
- Client controls response format
This is the core strength of GraphQL.
Testing Using GraphQL Playground
Open:
https://localhost:{port}/ui/playground
Run the query:
query {
products {
id
name
price
}
}
Response
{
"data": {
"products": [
{ "id": 1, "name": "Apple", "price": 120 },
{ "id": 2, "name": "Banana", "price": 60 }
]
}
}
Security Considerations
GraphQL is not secure by default. You must implement:
- Authentication (JWT / OAuth)
- Query depth limit
- Disable schema introspection in production
- Rate limiting
Security depends on how you implement GraphQL, not GraphQL itself.
Real-World Architecture
Frontend (React / Mobile)
→ GraphQL Query
→ Resolver
→ Service Layer
→ Database
GraphQL acts as a smart data layer between UI and backend.
Conclusion
GraphQL is a strong API solution when:
- UI changes frequently
- Multiple clients use the same backend
- Performance and flexibility are important
But for simple CRUD applications, REST APIs are still a very good and simple choice.
No comments:
Post a Comment