A Bird’s Eye View on GraphQL and AWS AppSync
Software engineers must pick the right API technology. GraphQL can be the best choice when it comes to rich data-intensive applications. Pair it with AWS AppSync, so you waste no time setting up your infrastructure and you can focus on creating valuable functionalities.
In a data-driven world, one of the most important needs is data exchanging between multiple systems and applications.
For this, as we all think about choosing the proper storage and computing system, we also need to pick the right API technology.
At Quantyca one of our design principles is to be open to polyglotism, even when it comes to APIs. For this reason, we studied GraphQL and when and how to go for it in our projects.
In this blog post, I will present you with a summary of our learnings. We will take a look at the following topics:
🎯 What is GraphQL and when and why (not) use it
🎯 GraphQL architecture — the big picture
🎯 AWS AppSync — a cloud-based fully managed GraphQL service
What is GraphQL and when and why (not) use it
According to GraphQL Foundation website:
GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data.
It was developed by Facebook in 2012 and now open-sourced as a specification.
By being a query language, the main feature of GraphQL is that it gives clients the power to ask for exactly what data they need. Nothing more and nothing less. This characteristic prevents both over fetching and under fetching. The former implies retrieving data that is actually not needed while the latter means retrieving not enough information to meet data requirements.
Also, GraphQL queries allow to access not just the properties of one resource but also smoothly follow reference between them. That ability can be leveraged especially in domains where there are a lot of resources extremely interconnected.
Besides this, GraphQL provides a complete description of the capabilities of the APIs. It lays out a type system to describe data in your APIs and to clearly define supported operations. Thanks to the GraphQL introspection system, you will no longer worry about lacking proper ways of knowing what operations are supported by an API, how to use them, and what are input arguments and possible responses.
I just let you taste the potential of GraphQL, but it is important to understand the tradeoffs of this technology to choose the right tool for the right job.
The biggest issue is that letting clients run any query they want can be a double-edged sword. Let’s list some pros and cons of this powerful feature:
👍 Clients can minimize the amount of data that needs to be transferred over the network and thus improve application performance even on slow network connections.
👍 There is no need to build and maintain specific APIs to fulfill each possible client application requirement.
👎 Clients can ask for as much data as they want. So, if you are not careful, a few big queries can bring your server down to its knees.
👎 Complex queries are hard to design and develop because such complexity cannot be split over several endpoints.
Therefore, when do we say yea or nay to GraphQL?
Definitely, the flexibility and richness of GraphQL are game-changers for rich mobile and web applications but add complexity that may not be worthwhile for simple APIs.
GraphQL architecture — the big picture
As mentioned earlier, GraphQL is a specification. It defines both the rules for the query language and the execution engine. These rules include: how to draft queries, how the type system works, how to perform schema introspection and validation, and how a well-formed response must be.
Therefore, the first thing you need to get started with GraphQL is an implementation of the execution engine. Out there is a heterogeneous landscape of GraphQL servers. Each implementation decides upon which software language to use and it can add its own features (such as caching and monitoring).
But every GraphQL server needs to fill in data for every field in the schema. Through resolvers, servers can populate data in any way you define, for example by fetching data from a database or a third-party API.
Then GraphQL clients come into play. You can query a GraphQL server directly with an HTTP request but you can simplify your life by using a dedicated client library. GraphQL clients will seamlessly take care of constructing and sending queries, parsing the responses, and updating your UI.
Over the years a lot of projects have sprung up. You can find a list of server libraries here and a list of clients here.
I will quote here the ones that I consider the most interesting:
AWS AppSync — a cloud-based fully managed GraphQL service
As stated above, using GraphQL require manual installation and maintenance of software infrastructure components. Plus, nowadays mobile and web application users demand quick access to information at scale so at least we need to worry about high availability, reliability, and fan-out capabilities.
This is where AWS AppSync comes to rescue.
AWS AppSync is a
🔥 cloud-based 🔥 fully managed 🔥 serverless
GraphQL implementation.
As follows, AWS AppSync does not require any manual installation nor any maintenance and it scales up and down dynamically depending on the load. So you waste no time setting up your infrastructure and you can immediately focus on creating valuable functionalities.
Additionally, AWS AppSync has its own way of spicing up GraphQL.
First of all, the most advantageous feature is that AWS AppSync has built-in resolvers that automatically translate GraphQL requests and fetch information from a range of pre-configured data sources. Indeed, AWS AppSync can streamline the connections to services like AWS DynamoDB, AWS Aurora, AWS Elasticsearch, and AWS Lambda functions in addition to any arbitrary HTTP endpoint. By leveraging built-in resolvers, developers can simplify the retrieval and manipulation of data and consequently cuts down implementation effort and time.
Moreover, AWS AppSync implements server-side data caching. Developers can selectively cache data fields and operations defined in the GraphQL schema with customizable expiration. This way, there is a reduced need to directly access data sources and performance can be improved.
Last but not least, AWS AppSync grants enterprise-level security and fine-grained access control. It integrates flawlessly with AWS IAM and AWS Cognito for email and password functionality, social providers, OAuth features, as well as enterprise federation with SAML.
Here you find a recap of AWS AppSync key features and advantages.
✨ It is a cloud-based, fully managed, serverless implementation of GraphQL spec.
✨ Thanks to built-in resolvers, AWS AppSync simplifies the retrieval and manipulation of data across certain AWS data services.
✨ It implements server-side data caching for delivering data that doesn’t change frequently at low latency.
✨ It grants enterprise-level security and fine-grained access control by joining forces with AWS IAM and AWS Cognito.
Conclusions
GraphQL is a brand new paradigm for implementing API that is especially powerful for data-intensive mobile and web applications. The cloud-based and serverless implementation provided by AWS AppSync represents the cherry on top thanks to its incredible advantages.
Have you ever used GraphQL and AWS AppSync and for which use cases? Do you think that they are valuable tools that have more pros than cons or vice-versa? Let me know in the comments section below.
Useful links
Here is a list of resources to deepen GraphQL and AWS AppSync knowledge. You will also find interesting tutorials to get your hands dirty.
