goodapi.co Zdenek “Z” Nemec goodapi.co REST vs. GraphQL Critical Review

goodapi.co I help businesses build APIs Zdenek “Z” Nemec @zdne zdne1

goodapi.co https://supermodel.io

goodapi.co REST & GraphQL

goodapi.co REST & GraphQL • GraphQL: graphql.org • REST: internet • Protocols, frameworks, languages and architectural styles • API Paradigms • HTTP protocol for purpose of this critical review

goodapi.co THIS IS A CRITICAL REVIEW

goodapi.co REVIEWS TO DATE

goodapi.co REVIEWS TO DATE

goodapi.co REVIEWS TO DATE

goodapi.co REVIEWS TO DATE “…then GraphQL is the new REST” Both REST vs. SOAP & GraphQL vs. REST “movements” are clearly fueled by unhappy, overlooked and over-served API consumers.

goodapi.co API COMMUNITY IS STILL RELATIVELY SMALL. WE SHOULD WORK TOGETHER.

goodapi.co WHICH ONE IS THE BEST? REST vs. GraphQL

goodapi.co FRAMEWORK FOR COMPARING API PARADIGMS– ARCHITECTURAL STYLES

goodapi.co ARCHITECTURAL STYLE

goodapi.co ARCHITECTURAL STYLE IS A SET OF CONSTRAINTS THAT IMPLY SYSTEM WITH CERTAIN PROPERTIES applied CONSTRAINTS imply PROPERTIES

goodapi.co WHAT CONSTRAINT I AM PICKING AND WHAT IS ITS INDUCED PROPERTY? DECOUPLED implies EVOLVABLE STATELESS implies RELIABLE and SCALEABLE UNIFORM INTERFACE implies DEGRADED EFFICIENCY but also SIMPLICITY

goodapi.co ARCHITECT

goodapi.co ROLE OF API ARCHITECT IS TO UNDERSTAND MANY PARADIGMS AND TO PICK THE RIGHT ONE FOR THE TASK “Architect knows something about everything, an engineer knows everything about one thing.”

goodapi.co FOR A GIVEN TASK? WHICH ONE IS THE BEST REST vs. GraphQL

goodapi.co goodapi.co API PARADIGMS API ARCHITECTURAL STYLES

goodapi.co API PARADIGMS Web APIs Query APIs Streaming APIs RPC APIs Flat File

goodapi.co Paradigm Shift CUSTOMER-SPECIFIC APIS one-to-one: few large established customers First Wave (2000) GENERIC APIS one-to-many: many mid- or small- size customers Second Wave (2010) AUTONOMOUS APIS many-to-many & machine-to-machine: automatic, later autonomous APIs Third Wave (2020)

goodapi.co goodapi.co AUTONOMOUS APIS

goodapi.co THE (FORTUNE 500) WORLD STILL RUNS ON SOAP, EDI OR FTP, NOT REST OR GRAPHQL However…

goodapi.co THE CHOICE OF PARADIGM SHOULD ALWAYS BE FUNCTION OF YOUR CONSTRAINTS

goodapi.co CONSTRAINTS

goodapi.co COLONIAL ARCHITECTURE “Houses were colonial because of the colonists were colonial and had colonial constraints” “I really like colonial houses, I think I’ll build one…”

goodapi.co “I really like colonial houses REST APIs I think I’ll build one…” “I really like colonial houses GraphQL APIs I think I’ll build one…”

goodapi.co CONSTRAINTS 1.Business Constraints customer-related, business requirements, product requirements 2.Complexity Constraints implications of distributed system complexity, evolution qualities 3.Domain Constraints domain-specific limitations, regulations, environments 4.Cultural Constraints Conway’s law, knowledge, (human) resources, peer-pressure, trendiness

goodapi.co CONSTRAINTS Ecosystem Properties 1.Business Constraints 2.Complexity Constraints 3.Domain Constraints 4.Cultural Constraints Distributed System Properties

goodapi.co PROPERTIES

goodapi.co Distributed System Properties 1.Performance • network performance • network efficiency • user-perceived 2.Scalability • size complexity Distributed System Properties 3.Simplicity • of the uniform interface • user-perceived • task-structure • unpredictability • algorithmic • chaotic REST induced

goodapi.co Distributed System Properties 4.Modifiability • evolvability • extensibility • customizability • configurability • reusability 5.Visibility • monitoring • security • caching Distributed System Properties 6.Portability • different environments • code with data 7.Reliability • susceptibility to failure • ability to recover REST induced

goodapi.co Distributed System Properties 8.Discoverability • design-time • runtime-time 9.Type-safety 10.Ease of Development • server • client Distributed System Properties 11.Costs effectivity • time to market • development costs • maintenance costs • cost of change

goodapi.co Distributed Ecosystem Properties Ecosystem Properties 1.Active Community 2.Tooling • client • server • API management • Developer experience 3.Ecosystem Maturity 4.Resources • books • articles • on-boarding tutorials 5.Enterprise Readiness

goodapi.co THESE ARE THE PROPERTIES I GENERALLY CARE ABOUT

goodapi.co THESE PROPERTIES ARE TOO BROAD TO BE NEEDED BY EVERY API If you are building API between a single page app and your backend, chances are you do not many of those (e.g. scaleability)

goodapi.co YOUR CONSTRAINTS WILL IMPLY ANOTHER SET OF PROPERTIES

goodapi.co CRITICAL REVIEW

goodapi.co REST APIs

goodapi.co REST • Hard to get started with • Difficult to master • Rare to find Successful implementations are rare outside of WWW • Unparalleled scaleability, evolvability and discoverability if pulled properly

goodapi.co REST Constraints & induced Properties 1.Client-Server 2.Stateless 3.Cacheable 4.Layered System 5.Code on Demand (optional) 6.Uniform Interface 1.Identification of Resources 2.Resource Representations 3.Self-descriptive Messages 4.HATEOAS 1.Performance 2.Scalability 3.Simplicity 4.Modifiability 5.Visibility 6.Portability 7.Reliability

goodapi.co REST PROVIDE BENEFITS… …BUT COME WITH COSTS • Will scale indefinitely • High performance (especially over HTTP2) • Proven for decades • Works with any representation and media type • Affordance-centric (design maturity) • Server-driven application state (server tells you what you can call an when) • Full decoupling of client and server enabling the independent evolution • Links across APIs • Huge entry barrier in training and learning, which most of us never overcome • The big change in the paradigm shift from SOAP, challenging for enterprises to change the mindset • Requires clients to play along, requires discipline on all sides • Poor or no tooling for clients • Limiting API description formats • Challenging to keep consistency and any governance Icons by martinfowler.com

goodapi.co so-called-REST APIs

goodapi.co so-called-REST • Most common type of generic APIs by far • Usually follows HTTP-induced constraints • But many instances does not even follow HTTP protocol (concern separation, Amundsen & Richardson maturity models) • Requires significant amount understanding of HTTP protocol on both client and serve side • Independent evolution is impossible or, at least, painful • Benefits from internet infrastructure–scaleability

goodapi.co REST Constraints & induced Properties in so-called-REST APIs 1.Client-Server 2.Stateless 3.Cacheable 4.Layered System 5.Code on Demand (optional) 6.Uniform Interface 1.Identification of Resources 2.Resource Representations 3.Self-descriptive Messages 4.HATEOAS 1.Performance 2.Scalability 3.Simplicity 4.Modifiability 5.Visibility 6.Portability 7.Reliability

goodapi.co so-called-REST PROVIDE BENEFITS... …BUT COME WITH COSTS • Will scale well when following HTTP • High performance if well design (especially over HTTP2) • Proven for by all RESTful APIs • Works with any representation and media type • Mature tooling available • Sill some entry barrier in training and learning • Difficult to evolve • Challenging to keep consistency and any governance • Type safety and contract driven is not required but optional Icons by martinfowler.com

goodapi.co GraphQL APIs

goodapi.co “The more specific a design idea is, the greater its appeal is likely to be” – Matthew Frederick

goodapi.co GraphQL • Easy to get started with • Remote data access, essentially simplified, vendor-agnostic SQL • Unparalleled tooling and on-boarding, DX and time-to-market • Ignoring the whole internet infrastructure with POST tunneling • Bike shedding (authentication, content negotiation, pagination, and other rate limiting has to be reinvented) • Scaleability issues (thanks to no infrastructure caching) • Tight coupling of clients with servers (data structure)

goodapi.co GraphQL PROVIDE BENEFITS... …BUT COME WITH COSTS • Easy to start with • Time to market for servers and clients • Amazing developer experience • Contract-driven by nature • Built-in introspection • Easier to keep consistent and to govern • Closer to WS / SQL data access make the paradigm shift easier than with REST • Design can be deferred to later (which might be also a bad thing) • Neglects the problems of the distributed system • Server and clients coupled at the client programming time, application state is not driven by the server • Query optimization • Bikeshedding (content negotiation, network errors, caching, authentication) • Scaling, (server and client caching only) you can’t rely on existing caches • Throws away everything HTTP was figuring out for last 17 years • Limited media type support • Too few vendors in the ecosystem, the major one is pretending it owns the show Icons by martinfowler.com

goodapi.co OVERVIEW @zdne Full table will be available at my Induced Properties Comparison of Different Architectural Styles

goodapi.co NONE SHALL ESCAPE THE API DESIGN

goodapi.co API DESIGN In REST you have to go through the exercise of understanding the users’ needs before the API implementation. With GraphQL you can defer the moment of understanding how users consume your API until you start profiling the queries, evaluating their complexity and identifying the slow queries.

goodapi.co Good REST API is designed with use-cases in mind (affordance-centric design) GraphQL gives you seemingly generic API (remote data access)

goodapi.co EITHER WAY YOU HAVE TO UNDERSTAND THE USER NEEDS AND DESIGN YOUR API AND ITS IMPLEMENTATION ACCORDINGLY. IT WOULD BE FOOLISH TO THINK YOU CAN CREATE A WELL-PERFORMANT API FOR EVERY USE CASE. YOU HAVE TO MAKE DESIGN CHOICES. “The more specific a design idea is, the greater its appeal is likely to be”

goodapi.co CASE-EXAMPLES

goodapi.co HR TEAM AND PAYROLL PROCESSING Flat File

goodapi.co BACKEND API FOR SPA GraphQL API

goodapi.co COMPLEX API LANDSCAPE REST APIs

goodapi.co CONCLUSION

goodapi.co • Build system that lasts • In need of content negotiation (language) • Precise authentication, authorization rate limiting • Interlink resources between APIs • Use mixed media types • Care about scaleability Use REST if Rules of Thumb

goodapi.co • Talking to yourself (frontend–backend) • Instead of so-called-REST • Short term projects • Uncertain use-cases • Just access data without the need for infra caching • Amazing DX with little effort Use GraphQL if Rules of Thumb

goodapi.co Do not build so-called-REST APIs Rules of Thumb

goodapi.co ALWAYS PICK BASED ON YOUR CONSTRAINTS, NOT SOMEBODY ELSE’S YOU ARE UNIQUE.

goodapi.co GOOD API INDEPENDENT API CONSULTING WE ARE HIRING

PHOTOS BY UNSPLASH.COM

goodapi.co OVER-FETCHING • GraphQL enthusiasts claims it helps with REST over- fetching REST API with many fields in response is probably poorly designed • REST has the same functionality with sparse field sets • Both GraphQL and REST sparse field sets hurts caching Which one is faster: A requests that drops dozen of unnecessary fields or one that hits the cache? first call 220ms (cache miss) subsequent calls 160ms (cache hit) -vs- first and subsequent calls 200ms (no cache)

goodapi.co WHAT QUALITIES ARE YOU BUYING WHEN YOU SAY YES? WHAT PROPERTIES ARE YOU LOOSING WHEN YOU SAY NO TO OTHER STYLES?

goodapi.co

goodapi.co

goodapi.co

goodapi.co ARCHITECTURAL PROPERTIES OF KEY INTEREST

goodapi.co DISTRIBUTED SYSTEM PROPERTIES