Software Engineering Daily

The End of GraphQL with Matt Bessey

Oct 16, 2024

45:18

Snipd AI

Matt Bessey, a Principal Engineer and Software Architect, shares his frustrations with GraphQL after six years of experience. He discusses the complexities of GraphQL, including its security vulnerabilities and performance issues compared to traditional REST APIs. The conversation highlights the nuances of authorization in GraphQL and the risks associated with query parsing. Bessey also explores the future of API design, advocating for a user-centric approach and critiquing the trend towards superficial programming education.

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

GraphQL, despite its ability to minimize over-fetching and under-fetching, introduces significant incidental complexity and security challenges for backend engineers.

The discussion highlights OpenAPI 3.0+ as a favorable alternative to GraphQL, providing a simpler, more manageable structure for API design and security.

Deep dives

Introduction to GraphQL and Its Origin

GraphQL is an innovative query language for APIs created by Facebook to minimize issues of overfetching and underfetching common with traditional REST APIs. It allows clients to request exactly the information they need from a single endpoint, thereby enhancing efficiency in data retrieval. However, the technology comes with its own complexities and challenges for backend developers, particularly regarding performance and security. Matt Bessie, a principal engineer, and software architect, articulates these frustrations in his viral blog post that critiques GraphQL and its practical limitations based on his six years of experience.

Access Requires Clear Boundaries

01:33

Intro

2min

Navigating the Complexities of GraphQL

18min

Exploring GraphQL Security and Access Management

3min

Addressing GraphQL Query Vulnerabilities

8min

Understanding API Versioning and its Challenges

2min

The Future of API Design and Development

11min

GraphQL is an open-source query language for APIs and a runtime for executing those queries. It was developed by Facebook to address the problem of over-fetching or under-fetching data, which is a common issue with traditional REST APIs.

Matt Bessey is a Principal Engineer and Software Architect. Earlier this year Matt wrote a blog post titled “Why, after 6 years, I’m over GraphQL”. The post put words to many users’ frustrations with the technology, and it went viral on Hacker News.

Matt joins the show today to talk about GraphQL, the problems it solves, its security vulnerabilities, and why it might not be a good fit for backend engineering today.

You can find a link to Matt’s blog posts here.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

Please click here to see the transcript of this episode.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

The post The End of GraphQL with Matt Bessey appeared first on Software Engineering Daily.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Daily

The End of GraphQL with Matt Bessey

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to GraphQL and Its Origin

Backend Complexity and Security Challenges

Authorization and the Burden on Developers

Exploring Alternatives to GraphQL

Access Requires Clear Boundaries

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Software Engineering Daily

The End of GraphQL with Matt Bessey

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to GraphQL and Its Origin

Backend Complexity and Security Challenges

Authorization and the Burden on Developers

Exploring Alternatives to GraphQL

Access Requires Clear Boundaries

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights