Software Engineering Daily

The End of GraphQL with Matt Bessey

Oct 16, 2024
Matt Bessey, a Principal Engineer and Software Architect, shares his frustrations with GraphQL after six years of experience. He discusses the complexities of GraphQL, including its security vulnerabilities and performance issues compared to traditional REST APIs. The conversation highlights the nuances of authorization in GraphQL and the risks associated with query parsing. Bessey also explores the future of API design, advocating for a user-centric approach and critiquing the trend towards superficial programming education.
AI Snips
INSIGHT

GraphQL's Backend Complexity

  • GraphQL's frontend experience is great, but it adds complexity for backend engineers.
  • Performance and security are hard to maintain because client changes can impact the backend.
INSIGHT

GraphQL's Attack Surface

  • GraphQL's query language creates a larger attack surface than REST.
  • REST has finite endpoints, while GraphQL has many, potentially infinite, ways to query, increasing security risks.
ANECDOTE

GraphQL Authorization Challenges

  • Authorizing every part of a GraphQL response is crucial, even scalar values.
  • Matt's team faced performance issues from excessive authorization calls, often the slowest part of requests.
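To make the anecdote concrete, here is an added illustration (not code from the episode or from Matt Bessey's team) of field-level authorization in a hand-written GraphQL-style resolver: every scalar is run through the policy, and a per-request memo keyed on (type, id, field) avoids repeating identical checks when the same object appears many times in a nested response. The sample data, the policy, and the names `canRead`, `makeAuthorizer` and `resolvePostsWithAuthors` are all constructed for this example.

```javascript
// Constructed sample data: two authors, six posts (not from the episode).
const USERS = {
  u1: { id: "u1", name: "Ada", email: "ada@example.com" },
  u2: { id: "u2", name: "Bob", email: "bob@example.com" },
};
const POSTS = [1, 2, 3, 4, 5, 6].map((n) => ({
  id: `p${n}`, title: `Post ${n}`, authorId: n % 2 ? "u1" : "u2",
}));

// Field-level policy (hypothetical). Every scalar gets a rule; unknown fields are denied.
function canRead(viewer, type, obj, field) {
  if (type === "Post") return field === "id" || field === "title";
  if (type === "User") {
    if (field === "id" || field === "name") return true;
    if (field === "email") return viewer.id === obj.id || viewer.role === "admin";
  }
  return false;
}

// Per-request authorizer. memoize=false reproduces the naive "call the policy for
// every resolved scalar" behaviour; memoize=true caches each (type, id, field) verdict.
function makeAuthorizer(viewer, memoize) {
  const memo = new Map();
  let calls = 0; // number of real policy evaluations, for comparison
  return {
    allowed(type, obj, field) {
      const key = `${type}:${obj.id}:${field}`;
      if (memoize && memo.has(key)) return memo.get(key);
      calls += 1;
      const ok = canRead(viewer, type, obj, field);
      if (memoize) memo.set(key, ok);
      return ok;
    },
    checks: () => calls,
  };
}

// Resolves the selection { posts { title author { name email } } }. Denied scalars
// resolve to null instead of failing the whole request.
function resolvePostsWithAuthors(viewer, memoize) {
  const auth = makeAuthorizer(viewer, memoize);
  const pick = (type, obj, fields) =>
    Object.fromEntries(fields.map((f) => [f, auth.allowed(type, obj, f) ? obj[f] : null]));
  const data = POSTS.map((p) => ({
    ...pick("Post", p, ["title"]),
    author: pick("User", USERS[p.authorId], ["name", "email"]),
  }));
  return { data, authChecks: auth.checks() };
}
```

With the viewer `u1`, the naive run evaluates the policy 18 times for this six-post query and the memoized run 10 times, while both return the same per-field filtered data (the other author's email comes back as null).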