GraphQL Best Practices
The GraphQL specification is intentionally silent on a handful of important issues facing APIs, such as dealing with the network, authorization, and pagination. This doesn’t mean that there aren’t solutions for these issues when using GraphQL, just that they’re outside the description of what GraphQL is and are instead common practice.
The articles in this section should not be taken as gospel, and in some cases may rightfully be ignored in favor of some other approach. Some articles introduce some of the philosophy developed within Facebook around designing and deploying GraphQL services, while others are more tactical suggestions for solving common problems like serving over HTTP and performing authorization.
- Lesson 1: Thinking in Graphs
  Model your business domain as a graph
- Lesson 2: Serving over HTTP
  Handle GraphQL requests on HTTP servers
- Lesson 3: Authorization
  Delegate authorization logic to the business logic layer
- Lesson 4: Pagination
  Allow clients to traverse lists of objects with a consistent field pagination model
- Lesson 5: Schema Design
  Design and evolve a type system over time without versions
- Lesson 6: Global Object Identification
  Consistent object access enables simple caching and object lookups
- Lesson 7: Caching
  Provide Object Identifiers so clients can build rich caches
- Lesson 8: Performance
  Optimize the execution and delivery of GraphQL responses
- Lesson 9: Security
  Protect GraphQL APIs from malicious operations
- Lesson 10: Common Errors
  Learn about common `graphql-http` errors and how to debug them.
Thinking in Graphs
Learn how to shift your mindset from RESTful endpoints to graph-based thinking, aligning your schema with business logic and legacy systems.