CloudDay 2022

#CLOUDDAY2022 THE BATTLE OF APIs REST vs GraphQL on AWS
MARIANO CALANDRA Claranet Italia @MarianoCalandra

#CLOUDDAY2022 83%

#CLOUDDAY2022 83% of all web traffic currently comes from some
form of API! Source: The state of the Internet by Akamai (link)

#CLOUDDAY2022 API technologies • REST • GraphQL • SOAP •
gRPC • Apache Thrift • JSON-LD • HAL • ODATA • …and more

#CLOUDDAY2022 History of REST • 2000 – Roy Fielding writes
the REST guidelines as part of his doctoral dissertation; • 2001 – eBay launch its REST based API; • 2002 – Amazon launch its REST API; • 2004 – the Flickr’s turn;

#CLOUDDAY2022 History of GraphQL • 2012 – Built to support
Facebook mobile apps • 2015 – The specification is released as open source; • 2018 – GraphQL foundation (AWS, Meta, Microsoft, Twitter…)

#CLOUDDAY2022 • What is an API? • REST and GraphQL
on AWS • Demos • How to choose? Agenda

#CLOUDDAY2022 What is an API? #CLOUDDAY2022

#CLOUDDAY2022 «Purpose of an API is to hide the internal
details of how the system work» Source: Representational State Transfer on Wikipedia (link) What is an API?

#CLOUDDAY2022 What is an API? A createOrder API might save
a new record into the database, send an email notification and connect to a 3rd-party service (like shipping or payment). Client API Backend Third party Database Mail service

#CLOUDDAY2022 REST API: create an order (request) POST https://api.acme.com/orders {
"idProducts": [5, 43, 35, 12], "idUser": 12 }

#CLOUDDAY2022 REST API: create an order (response) POST https://api.acme.com/orders {
"idProducts": [5, 43, 35, 12], "idUser": 12 } { "idOrder": 1313 }

#CLOUDDAY2022 REST API: request’s parts POST https://api.acme.com/orders { "idProducts": [5,
43, 35, 12], "idUser": 12 } The resource endpoint URI is composed of two parts. A fixed part and the name of the resource.

43, 35, 12], "idUser": 12 } The intent is expressed trough HTTP methods. POST is to add records, other common verbs are PUT, DELETE, GET.

43, 35, 12], "idUser": 12 } The payload of the request, with all the data that you want to add.

#CLOUDDAY2022 REST API: delete an order DELETE https://api.acme.com/orders/1212

#CLOUDDAY2022 REST API: read record(s) GET https://api.acme.com/orders/1313

#CLOUDDAY2022 REST API: read record(s) GET https://api.acme.com/orders/1313 { "id": 1313,
"addedAt": "2022-10-25T22:41:48.699Z" "user": "https://api.acme.com/users/12", "products": [ "https://api.acme.com/products/5", "https://api.acme.com/products/43", "https://api.acme.com/products/35", "https://api.acme.com/products/12" ] } More on RESTful API: REST APIs must be hypertext-driven (link)

"addedAt": "2022-10-25T22:41:48.699Z" "user": "https://api.acme.com/users/12", "products": [ "https://api.acme.com/products/5", "https://api.acme.com/products/43", "https://api.acme.com/products/35", "https://api.acme.com/products/12" ] } What if clients doesn’t need addedAt field?

#CLOUDDAY2022 REST API: main issues OVERFETCHING The client receive more
information than needed ⟹ more latency.

"addedAt": "2022-10-25T22:41:48.699Z" "user": "https://api.acme.com/users/12", "products": [ "https://api.acme.com/products/5", "https://api.acme.com/products/43", "https://api.acme.com/products/35", "https://api.acme.com/products/12" ] } What if clients would provide information for these records?

#CLOUDDAY2022 REST API: Main issues OVERFETCHING The client receive more
information than needed ⟹ more latency. UNDERFETCHING The client gets less information than needed ⟹ extra HTTP calls.

#CLOUDDAY2022 Overfetching: GraphQL approach POST https://api.acme.com/graphql query { getOrder(id: 1313){
id addedAt } }

#CLOUDDAY2022 Overfetching: GraphQL approach { "data": { "getOrder": { "id":
"1313", "addedAt": "2022-10-25T22:41:48.699Z" } } }

#CLOUDDAY2022 Underfetching: GraphQL approach POST https://api.acme.com/graphql query { getOrder(id: 1313){
id addedAt user { name } } }

#CLOUDDAY2022 Underfetching: GraphQL approach { "data": { "getOrder": { "id":
"1313", "addedAt": "2022-10-25T22:41:48.699Z", "user": { "name": "mariano" } } } }

#CLOUDDAY2022 GrapnQL API: request’s parts POST https://api.acme.com/graphql query { getOrder(id:
1313){ id addedAt user { name } } } A single endpoint with a single possible action: POST!

#CLOUDDAY2022 GrapnQL API: request’s parts POST https://api.acme.com/graphql query { getOrder(id:
1313){ id addedAt user { name } } } A payload with a GraphQL query: «give me the id, the addedAt and the name of the user.»

#CLOUDDAY2022 GraphQL API: Payload validation POST https://api.acme.com/graphql query { getOrder(id:
1313){ id addedAt address user { name } } } «Validation error of type FieldUndefined: Field 'address' in type 'Order' is undefined @ 'getOrder/address'»

#CLOUDDAY2022 GraphQL API: Types type Order { id: ID! addedAt:
String! products: [Product!]! user: User! }

String! products: [Product!]! user: User! } type Product { id: ID! name: String! }

String! products: [Product!]! user: User! } type Product { id: ID! name: String! } type User { id: ID! name: String! address: String! }

#CLOUDDAY2022 GraphQL API: Operations type Query { getOrder(id: ID!): Order
}

#CLOUDDAY2022 GraphQL API: Operations type Query { getOrder(id: ID!): Order
} type Mutation { createUser(name: String!): User! createProduct(name: String!): Product! createOrder(idProducts: [ID!]!, idUser: ID!): Order! }

#CLOUDDAY2022 GraphQL API: Resolvers type Order { id: ID! addedAt:
String! products: [Product!]! user: User! } orders id addedAt idProducts idUser 1313 2022-10-25T22:41:48.699Z [5, 12, 35, 43] 12

String! products: [Product!]! user: User! } orders id addedAt idProducts idUser 1313 2022-10-25T22:41:48.699Z [5, 12, 35, 43] 12 products id name 5 Product 1 12 Product 2 35 Product 3 43 Product 4 67 Product 5

String! products: [Product!]! user: User! } orders id addedAt idProducts idUser 1313 2022-10-25T22:41:48.699Z [5, 12, 35, 43] 12 products id name 5 Product 1 12 Product 2 35 Product 3 43 Product 4 67 Product 5 users id name address 12 mariano 22, Acacia Avenue 25 peter 14, North Moore Street

#CLOUDDAY2022 REST and GraphQL on AWS #CLOUDDAY2022

#CLOUDDAY2022 REST on AWS with API Gateway

#CLOUDDAY2022 GraphQL on AWS with AppSync

#CLOUDDAY2022 How to choose? #CLOUDDAY2022

#CLOUDDAY2022 REST vs. GraphQL REST GraphQL Shared definition No Yes
Conceptual model Resources Graph Introspection No Yes Data typing No Yes Data shape Defined by server Defined by clients Programming language Built-in support External libraries are needed Tools wget, cURL, Postman Postman Source: Building Modern APIs with GraphQL, AWS Summit London 2019, Robert Zhu (link)

#CLOUDDAY2022 API Gateway vs. AppSync API Gateway AppSync Group-based authorization
Hard to implement Easy (data annotations) Request/Response validation Only request Both WebSockets Hard to implement Easy (data annotations) API Documentation Using OpenAPI/Swagger Built-in with introspection Integration with AWS services Many alternatives Apache Velocity Source: Five reasons you should consider AppSync over API Gateway, Lumigo Blog, Yan Cui (link)

#CLOUDDAY2022 Who am I? Mariano Calandra 👋 Works at Claranet
Italia where he helps international customers succeed using AWS and cloud-native architectures. He’s an AWS Authorized Instructor, an AWS Community Builder, a co-organizer of ServerlessDays Rome and the AWS UG in Rome.

#CLOUDDAY2022 Work with us claranetitalia.recruitee.com

#CLOUDDAY2022 SPONSOR DIAMOND PLATINUM GOLD

#CLOUDDAY2022 PARTNER

#CLOUDDAY2022 Grazie! #CLOUDDAY2022

CloudDay 2022

CloudDay 2022

More Decks by Mariano Calandra

Other Decks in Programming

Featured

Transcript