Thilan Dissanayaka Interview Guides Oct 01

GraphQL - Interview preparation guide

What is GraphQL?

GraphQL is a query language for APIs and a runtime for executing those queries. It allows clients to request exactly the data they need, reducing over-fetching and under-fetching issues. It was developed by Facebook in 2012 and open-sourced in 2015.

What are the core components of GraphQL?

  1. Schema: Defines the structure and types of data available.
  2. Query: Used to fetch data (equivalent to GET in REST).
  3. Mutation: Used to modify data (Create, Update, Delete).
  4. Subscription: Provides real-time updates.
  5. Resolver: Functions that fetch the actual data for the queries and mutations.

How is GraphQL different from REST?

Feature GraphQL REST
Data Fetching Request specific fields Fetch entire resources
Over-fetching No (only requested fields) Yes (fixed endpoint data)
Under-fetching No (nested queries allowed) Yes (multiple requests)
Versioning Not required Requires new endpoints
Performance Single request for complex data Multiple round-trips

What is a GraphQL schema?

A GraphQL schema is a blueprint that defines the types of data and operations (queries, mutations, subscriptions) supported by the API. Example schema:

type User {  
 id: ID!   name: String!   email: String! 
}  

type Query {   
getUser(id: ID!): User 
}  

type Mutation { 
createUser(name: String!, email: String!): User 
}

what is a GraphQL query?

A query is used to fetch data from the server.

Example query:

query {   getUser(id: "1") {     name     email   } }

What is a GraphQL mutation?

A mutation is used to modify data on the server (create, update, delete).

Example mutation:

mutation {   createUser(name: "Alice", email: "[email protected]") {     id     name   } }

What is a GraphQL subscription?

A subscription allows clients to receive real-time updates.

Example subscription:

subscription {   userAdded {     id     name   } }

What is a resolver in GraphQL?

Resolvers are functions that handle the logic behind GraphQL queries, mutations, and subscriptions.

Example resolver:

const resolvers = {   Query: {     getUser: (_, { id }) => getUserById(id),   },   Mutation: {     createUser: (_, { name, email }) => createUser(name, email),   }, };

What are GraphQL variables and why are they useful?

Variables make queries dynamic and reusable.

Example query with variables:

query GetUser($id: ID!) {   getUser(id: $id) {     name     email   } }

Passing variables:

{   "id": "1" }

What is a GraphQL fragment?

A fragment allows you to reuse fields in multiple queries.

Example fragment:

fragment UserFields on User {   id   name   email }  query {   getUser(id: "1") {     ...UserFields   } }

How does GraphQL handle errors?

GraphQL returns errors alongside a data field.

Example error response:

{   "data": null,   "errors": [     {       "message": "User not found",       "locations": [{ "line": 2, "column": 3 }],       "path": ["getUser"]     }   ] }

What are the benefits of using GraphQL?

  • Efficient Data Fetching: Clients request exactly the fields they need.
  • Strongly Typed Schema: Enforces a contract between client and server.
  • Single Endpoint: Access all resources through a single endpoint.
  • Reduced Over-fetching/Under-fetching: Flexible queries prevent these issues.
  • Real-time Updates: Via subscriptions for event-driven data.

What are the drawbacks of GraphQL?

  • Complexity: More setup and learning curve than REST.
  • Caching Challenges: Difficult to cache responses compared to REST.
  • Performance Overhead: Parsing and resolving dynamic queries may be slower.
  • Security Risks: Requires limiting query depth to avoid denial-of-service attacks.

What is introspection in GraphQL?

Introspection allows clients to query the schema itself and retrieve metadata.

Example introspection query:

`{   __schema {     types {       name       fields {         name       }     }   } }`

What are some best practices for designing GraphQL APIs?

  1. Schema Design: Keep the schema simple and modular.
  2. Pagination: Implement cursor-based pagination for large datasets.
  3. Security: Limit query depth and rate-limit requests.
  4. Batching: Use DataLoader for optimizing N+1 query problems.
  5. Error Handling: Provide clear and consistent error responses.
  6. Caching: Use persisted queries or cache at the resolver level.

How do you implement authentication and authorization in GraphQL?

  • Authentication: Use tokens (e.g., JWT) to verify users.
  • Authorization: Check user roles in resolvers before returning data.

Example context for authorization:

const server = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { const token = req.headers.authorization || ""; const user = verifyToken(token); return { user }; }, });

What are Apollo Client and Apollo Server?

  • Apollo Client: A state management library for consuming GraphQL APIs.
  • Apollo Server: A GraphQL server implementation supporting queries, mutations, and subscriptions.

How do you handle pagination in GraphQL?

Implement cursor-based pagination using startCursor, endCursor, and hasNextPage.

Example schema:

type UserConnection { edges: [UserEdge] pageInfo: PageInfo } type UserEdge { cursor: String node: User } type PageInfo { hasNextPage: Boolean endCursor: String }

What are some common GraphQL tools and libraries?

  1. Apollo Server/Client: Comprehensive GraphQL solution.
  2. GraphQL.js: Core reference implementation.
  3. GraphQL Code Generator: Generates TypeScript types from schema.
  4. Hasura: Auto-generates GraphQL over databases.

What is schema stitching and federation?

  • Schema Stitching: Combines multiple GraphQL schemas into a single schema.
  • Federation: Distributes a GraphQL schema across multiple services while presenting a unified API.
ALSO READ
Basic concepts of Cryptography
May 03 Cryptography
Basic concepts of Cryptography

Cryptography is the art and science of securing information. In today’s interconnected world, where data is constantly being transmitted across networks, cryptography plays a vital role in ensuring....

REST API - Interview preparation guide
May 08 Interview Guides
REST API - Interview preparation guide

## What is a REST API? A REST (Representational State Transfer) API is an architectural style for designing networked applications. It uses standard HTTP methods to interact with resources, making....

Assembly programming for beginners
Mar 23 Low-level Development
Assembly programming for beginners

Assembly is a low-level programming language. You already know that low-level programming languages are close to machines and very hard to understand by humans. We have already written some programs....

Boolean based Blind SQL Injection
Apr 26 Web App Hacking
Boolean based Blind SQL Injection

Blind SQL Injection happens when: There is a SQL injection vulnerability, BUT the application does not show any SQL errors or query outputs directly. In this case, an attacker has to ask....

Factory Pattern explained simply
Apr 26 Software Architecture
Factory Pattern explained simply

# Factory Pattern Imagine you want to create objects — but you don't want to expose the creation logic to the client and instead ask a factory class to **create objects for you**. That's....

Exploiting a Stack Buffer Overflow on Linux
May 11 Exploit development
Exploiting a Stack Buffer Overflow on Linux

Buffer overflow vulnerabilities are one of the most common yet deadly flaws in software security. They can be leveraged by attackers to gain control over a system, run arbitrary code, and escalate....

ABOUT

Dive deep into the fascinating world of cybersecurity — where knowledge is power, and every byte matters.

Explore expertly written articles on system exploitation, web application hacking, exploit development, malware analysis, cryptography, and more.

CATEGORIES