

The End of GraphQL with Matt Bessey
Oct 16, 2024
Matt Bessey, a Principal Engineer and Software Architect, shares his frustrations with GraphQL after six years of experience. He discusses the complexities of GraphQL, including its security vulnerabilities and performance issues compared to traditional REST APIs. The conversation highlights the nuances of authorization in GraphQL and the risks associated with query parsing. Bessey also explores the future of API design, advocating for a user-centric approach and critiquing the trend towards superficial programming education.
AI Snips
GraphQL's Backend Complexity
- GraphQL's frontend experience is great, but it adds complexity for backend engineers.
- Performance and security are hard to maintain because client changes can impact the backend.
GraphQL's Attack Surface
- GraphQL's query language creates a larger attack surface than REST.
- REST has finite endpoints, while GraphQL has many, potentially infinite, ways to query, increasing security risks.
GraphQL Authorization Challenges
- Authorizing every part of a GraphQL response is crucial, even scalar values.
- Matt's team faced performance issues from excessive authorization calls, often the slowest part of requests.