GraphQL has gained significant traction in the API space as organizations increasingly adopt this new API structure into their ecosystems. Seen as an alternative to REST APIs, GraphQL offers more flexibility to API consumers while also posing new challenges to API development and delivery. Here are seven key insights into the trends surrounding GraphQL based on learnings from the recent GraphQLConf 2023 conference.

1. GraphQL Adoption at Scale

Enterprises are rapidly embracing GraphQL, with a Gartner report predicting that over 50% of businesses will use GraphQL in production by 2025, up from less than 10% in 2021. The GraphQLConf showcased the technology’s growing popularity with speakers and attendees from prominent companies like Pinterest, AWS, Meta, Salesforce, Netflix, Coinbase, and Atlassian.

2. API Management for GraphQL

Pairing GraphQL with API management software is essential to maximize its benefits. Since GraphQL acts as a gateway or middleware for various data sources, API performance and security rely on these downstream sources. Implementing query cost analysis and rate limiting based on connected data sources can optimize GraphQL API performance. The conference discussions emphasized the importance of observability and rate limiting in API management for GraphQL.

3. GraphQL Security

With enterprises running GraphQL at scale, ensuring security for GraphQL APIs has become critical. GraphQL has its own security needs due to its structural differences from other API specifications. The conference highlighted GraphQL-specific vulnerabilities such as complexity issues and schema leaks. However, typical security threats like injections and server errors that apply to standard API specifications can usually be mitigated by API management solutions.

4. Declarative, SDL-first GraphQL API Development

GraphQL APIs can be built using either a “code-first” or “schema-first” approach. The core of every GraphQL API is a schema that serves as the type-system. The “code-first” approach generates the schema from the business logic implemented in the framework, while the “schema-first” approach defines the schema separately and maps it to the business logic. A newer approach called “SDL-first” (Schema Definition Language) combines both the schema and business logic directly inside the GraphQL schema.

5. Incremental Delivery of Streaming Data

Streaming data in GraphQL has been a neglected aspect but is gaining relevance as GraphQL adoption increases. Real-time data in GraphQL is implemented using a specific operation type called “Subscription,” but streaming data has different requirements. The GraphQL specification is expected to introduce two new built-in directives, “@stream” and “@defer,” to handle situations where incremental data delivery is necessary. This development will make GraphQL more compatible with asynchronous or event-driven data sources.

6. Open Specification for GraphQL Federation

GraphQL federation enables the consolidation of multiple GraphQL APIs into a single API, enhancing usability and discoverability within an organization. However, existing GraphQL federation implementations have varied based on vendor-specific requirements. To address this, IBM and other leading companies in the API space are working on an open specification for GraphQL federation under the GraphQL Foundation.

7. GraphQL and AI

The rise of artificial intelligence (AI) poses both challenges and opportunities for GraphQL. Developers need to consider how AI will impact the development of GraphQL APIs and how AI can help identify and prevent security vulnerabilities in GraphQL. IBM Fellow and CTO, Anant Jhingran, presented on the role of GraphQL in AI and API integration at both GraphQLConf and IBM TechXchange.

Learn More

As GraphQL gains momentum, IBM is supporting organizations of all sizes in their GraphQL journey by providing tools that simplify the development of production-level GraphQL APIs. To learn more about the GraphQL capabilities in IBM API Connect and how to get started for free, visit the IBM API Connect website.

FAQs

What is GraphQL?

GraphQL is a new API structure that offers more flexibility to API consumers by allowing them to specify the exact data they need from an API. It is often seen as an alternative to REST APIs.

Why is GraphQL gaining popularity?

GraphQL is gaining popularity because it provides more flexibility to API consumers, allows for efficient data fetching, and enables clients to request multiple resources in a single request.

What is the difference between “code-first” and “schema-first” approaches to building GraphQL APIs?

In the “code-first” approach, the GraphQL schema is generated from the business logic implemented in the framework used to build the GraphQL API. In the “schema-first” approach, the schema is defined separately and then mapped to the business logic.

How can GraphQL handle streaming data?

GraphQL is expected to introduce two new built-in directives, “@stream” and “@defer,” to handle streaming data. These directives will enable GraphQL to handle incremental delivery of data from asynchronous or event-driven data sources.

What is GraphQL federation?

GraphQL federation is a way to consolidate multiple GraphQL APIs into a single API, improving the usability and discoverability of services within an organization.