Thilan Dissanayaka Interview Guides Oct 01

GraphQL - Interview preparation guide

What is GraphQL?

GraphQL is a query language for APIs and a runtime for executing those queries. It allows clients to request exactly the data they need, reducing over-fetching and under-fetching issues. It was developed by Facebook in 2012 and open-sourced in 2015.

What are the core components of GraphQL?

  1. Schema: Defines the structure and types of data available.
  2. Query: Used to fetch data (equivalent to GET in REST).
  3. Mutation: Used to modify data (Create, Update, Delete).
  4. Subscription: Provides real-time updates.
  5. Resolver: Functions that fetch the actual data for the queries and mutations.

How is GraphQL different from REST?

Feature GraphQL REST
Data Fetching Request specific fields Fetch entire resources
Over-fetching No (only requested fields) Yes (fixed endpoint data)
Under-fetching No (nested queries allowed) Yes (multiple requests)
Versioning Not required Requires new endpoints
Performance Single request for complex data Multiple round-trips

What is a GraphQL schema?

A GraphQL schema is a blueprint that defines the types of data and operations (queries, mutations, subscriptions) supported by the API. Example schema:

type User {  
 id: ID!   name: String!   email: String! 
}  

type Query {   
getUser(id: ID!): User 
}  

type Mutation { 
createUser(name: String!, email: String!): User 
}

what is a GraphQL query?

A query is used to fetch data from the server.

Example query:

query {   getUser(id: "1") {     name     email   } }

What is a GraphQL mutation?

A mutation is used to modify data on the server (create, update, delete).

Example mutation:

mutation {   createUser(name: "Alice", email: "[email protected]") {     id     name   } }

What is a GraphQL subscription?

A subscription allows clients to receive real-time updates.

Example subscription:

subscription {   userAdded {     id     name   } }

What is a resolver in GraphQL?

Resolvers are functions that handle the logic behind GraphQL queries, mutations, and subscriptions.

Example resolver:

const resolvers = {   Query: {     getUser: (_, { id }) => getUserById(id),   },   Mutation: {     createUser: (_, { name, email }) => createUser(name, email),   }, };

What are GraphQL variables and why are they useful?

Variables make queries dynamic and reusable.

Example query with variables:

query GetUser($id: ID!) {   getUser(id: $id) {     name     email   } }

Passing variables:

{   "id": "1" }

What is a GraphQL fragment?

A fragment allows you to reuse fields in multiple queries.

Example fragment:

fragment UserFields on User {   id   name   email }  query {   getUser(id: "1") {     ...UserFields   } }

How does GraphQL handle errors?

GraphQL returns errors alongside a data field.

Example error response:

{   "data": null,   "errors": [     {       "message": "User not found",       "locations": [{ "line": 2, "column": 3 }],       "path": ["getUser"]     }   ] }

What are the benefits of using GraphQL?

  • Efficient Data Fetching: Clients request exactly the fields they need.
  • Strongly Typed Schema: Enforces a contract between client and server.
  • Single Endpoint: Access all resources through a single endpoint.
  • Reduced Over-fetching/Under-fetching: Flexible queries prevent these issues.
  • Real-time Updates: Via subscriptions for event-driven data.

What are the drawbacks of GraphQL?

  • Complexity: More setup and learning curve than REST.
  • Caching Challenges: Difficult to cache responses compared to REST.
  • Performance Overhead: Parsing and resolving dynamic queries may be slower.
  • Security Risks: Requires limiting query depth to avoid denial-of-service attacks.

What is introspection in GraphQL?

Introspection allows clients to query the schema itself and retrieve metadata.

Example introspection query:

`{   __schema {     types {       name       fields {         name       }     }   } }`

What are some best practices for designing GraphQL APIs?

  1. Schema Design: Keep the schema simple and modular.
  2. Pagination: Implement cursor-based pagination for large datasets.
  3. Security: Limit query depth and rate-limit requests.
  4. Batching: Use DataLoader for optimizing N+1 query problems.
  5. Error Handling: Provide clear and consistent error responses.
  6. Caching: Use persisted queries or cache at the resolver level.

How do you implement authentication and authorization in GraphQL?

  • Authentication: Use tokens (e.g., JWT) to verify users.
  • Authorization: Check user roles in resolvers before returning data.

Example context for authorization:

const server = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { const token = req.headers.authorization || ""; const user = verifyToken(token); return { user }; }, });

What are Apollo Client and Apollo Server?

  • Apollo Client: A state management library for consuming GraphQL APIs.
  • Apollo Server: A GraphQL server implementation supporting queries, mutations, and subscriptions.

How do you handle pagination in GraphQL?

Implement cursor-based pagination using startCursor, endCursor, and hasNextPage.

Example schema:

type UserConnection { edges: [UserEdge] pageInfo: PageInfo } type UserEdge { cursor: String node: User } type PageInfo { hasNextPage: Boolean endCursor: String }

What are some common GraphQL tools and libraries?

  1. Apollo Server/Client: Comprehensive GraphQL solution.
  2. GraphQL.js: Core reference implementation.
  3. GraphQL Code Generator: Generates TypeScript types from schema.
  4. Hasura: Auto-generates GraphQL over databases.

What is schema stitching and federation?

  • Schema Stitching: Combines multiple GraphQL schemas into a single schema.
  • Federation: Distributes a GraphQL schema across multiple services while presenting a unified API.
ALSO READ
Abstract Factory Pattern explained simply
Apr 26 Software Architecture
Abstract Factory Pattern explained simply

When you want to create **families of related objects** without specifying their concrete classes, the **Abstract Factory Pattern** is your best friend. --- ## What is the Abstract Factory....

How stack works in function call
Mar 23 Application Security
How stack works in function call

## The Stack in Computer Science The stack is an important concept in computer science. If you are planning to learn reverse engineering, malware analyzing, exploitation, etc., this concept is a....

Introduction to Edge Computing
Mar 23 Computing Concepts
Introduction to Edge Computing

Edge computing is a distributed computing paradigm where computation and data storage are performed closer to the location where it is needed. Instead of relying solely on a centralized data center,....

Kafka - Interview preparation guide
Jan 28 Interview Guides
Kafka - Interview preparation guide

## What is Apache Kafka? Apache Kafka is a distributed event streaming platform designed for high-throughput, fault-tolerant, and real-time data streaming. It is used for building real-time data....

Reverse TCP shell with Metasploit
Mar 23 Penetration Testing
Reverse TCP shell with Metasploit

Metasploit is a powerful penetration testing framework that automates exploit development, generates shellcode, and acts as a listener for incoming connections. This tutorial introduces how to create....

HTTP Header Injection Explained
May 27 Application Security
HTTP Header Injection Explained

HTTP Header Injection is a critical web security vulnerability that occurs when an application allows user-controlled input to be inserted into HTTP response headers without proper validation or....

ABOUT

Dive deep into the fascinating world of cybersecurity — where knowledge is power, and every byte matters.

Explore expertly written articles on system exploitation, web application hacking, exploit development, malware analysis, cryptography, and more.

CATEGORIES