Thilan Dissanayaka Interview Guides Oct 01

GraphQL - Interview preparation guide

What is GraphQL?

GraphQL is a query language for APIs and a runtime for executing those queries. It allows clients to request exactly the data they need, reducing over-fetching and under-fetching issues. It was developed by Facebook in 2012 and open-sourced in 2015.

What are the core components of GraphQL?

  1. Schema: Defines the structure and types of data available.
  2. Query: Used to fetch data (equivalent to GET in REST).
  3. Mutation: Used to modify data (Create, Update, Delete).
  4. Subscription: Provides real-time updates.
  5. Resolver: Functions that fetch the actual data for the queries and mutations.

How is GraphQL different from REST?

Feature GraphQL REST
Data Fetching Request specific fields Fetch entire resources
Over-fetching No (only requested fields) Yes (fixed endpoint data)
Under-fetching No (nested queries allowed) Yes (multiple requests)
Versioning Not required Requires new endpoints
Performance Single request for complex data Multiple round-trips

What is a GraphQL schema?

A GraphQL schema is a blueprint that defines the types of data and operations (queries, mutations, subscriptions) supported by the API. Example schema:

type User {  
 id: ID!   name: String!   email: String! 
}  

type Query {   
getUser(id: ID!): User 
}  

type Mutation { 
createUser(name: String!, email: String!): User 
}

what is a GraphQL query?

A query is used to fetch data from the server.

Example query:

query {   getUser(id: "1") {     name     email   } }

What is a GraphQL mutation?

A mutation is used to modify data on the server (create, update, delete).

Example mutation:

mutation {   createUser(name: "Alice", email: "[email protected]") {     id     name   } }

What is a GraphQL subscription?

A subscription allows clients to receive real-time updates.

Example subscription:

subscription {   userAdded {     id     name   } }

What is a resolver in GraphQL?

Resolvers are functions that handle the logic behind GraphQL queries, mutations, and subscriptions.

Example resolver:

const resolvers = {   Query: {     getUser: (_, { id }) => getUserById(id),   },   Mutation: {     createUser: (_, { name, email }) => createUser(name, email),   }, };

What are GraphQL variables and why are they useful?

Variables make queries dynamic and reusable.

Example query with variables:

query GetUser($id: ID!) {   getUser(id: $id) {     name     email   } }

Passing variables:

{   "id": "1" }

What is a GraphQL fragment?

A fragment allows you to reuse fields in multiple queries.

Example fragment:

fragment UserFields on User {   id   name   email }  query {   getUser(id: "1") {     ...UserFields   } }

How does GraphQL handle errors?

GraphQL returns errors alongside a data field.

Example error response:

{   "data": null,   "errors": [     {       "message": "User not found",       "locations": [{ "line": 2, "column": 3 }],       "path": ["getUser"]     }   ] }

What are the benefits of using GraphQL?

  • Efficient Data Fetching: Clients request exactly the fields they need.
  • Strongly Typed Schema: Enforces a contract between client and server.
  • Single Endpoint: Access all resources through a single endpoint.
  • Reduced Over-fetching/Under-fetching: Flexible queries prevent these issues.
  • Real-time Updates: Via subscriptions for event-driven data.

What are the drawbacks of GraphQL?

  • Complexity: More setup and learning curve than REST.
  • Caching Challenges: Difficult to cache responses compared to REST.
  • Performance Overhead: Parsing and resolving dynamic queries may be slower.
  • Security Risks: Requires limiting query depth to avoid denial-of-service attacks.

What is introspection in GraphQL?

Introspection allows clients to query the schema itself and retrieve metadata.

Example introspection query:

`{   __schema {     types {       name       fields {         name       }     }   } }`

What are some best practices for designing GraphQL APIs?

  1. Schema Design: Keep the schema simple and modular.
  2. Pagination: Implement cursor-based pagination for large datasets.
  3. Security: Limit query depth and rate-limit requests.
  4. Batching: Use DataLoader for optimizing N+1 query problems.
  5. Error Handling: Provide clear and consistent error responses.
  6. Caching: Use persisted queries or cache at the resolver level.

How do you implement authentication and authorization in GraphQL?

  • Authentication: Use tokens (e.g., JWT) to verify users.
  • Authorization: Check user roles in resolvers before returning data.

Example context for authorization:

const server = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { const token = req.headers.authorization || ""; const user = verifyToken(token); return { user }; }, });

What are Apollo Client and Apollo Server?

  • Apollo Client: A state management library for consuming GraphQL APIs.
  • Apollo Server: A GraphQL server implementation supporting queries, mutations, and subscriptions.

How do you handle pagination in GraphQL?

Implement cursor-based pagination using startCursor, endCursor, and hasNextPage.

Example schema:

type UserConnection { edges: [UserEdge] pageInfo: PageInfo } type UserEdge { cursor: String node: User } type PageInfo { hasNextPage: Boolean endCursor: String }

What are some common GraphQL tools and libraries?

  1. Apollo Server/Client: Comprehensive GraphQL solution.
  2. GraphQL.js: Core reference implementation.
  3. GraphQL Code Generator: Generates TypeScript types from schema.
  4. Hasura: Auto-generates GraphQL over databases.

What is schema stitching and federation?

  • Schema Stitching: Combines multiple GraphQL schemas into a single schema.
  • Federation: Distributes a GraphQL schema across multiple services while presenting a unified API.
ALSO READ
GraphQL - Interview preparation guide
Oct 01 Interview Guides

## What is GraphQL? GraphQL is a query language for APIs and a runtime for executing those queries. It allows clients to request exactly the data they need, reducing over-fetching and....

HTTP Header Injection Explained
May 27 Application Security

HTTP Header Injection is a critical web security vulnerability that occurs when an application allows user-controlled input to be inserted into HTTP response headers without proper validation or....

ACID Properties in Databases: The Key to Reliable Transactions
Apr 25 Database Systems

When working with databases, one thing is absolutely critical: keeping your data safe, consistent, and reliable. That's where ACID properties come in — a set of principles that ensure every....

Kafka - Interview preparation guide
Jan 28 Interview Guides

## What is Apache Kafka? Apache Kafka is a distributed event streaming platform designed for high-throughput, fault-tolerant, and real-time data streaming. It is used for building real-time data....

Understanding Assembly Language: Purpose and Structure
Mar 23 Low level Development

Assembly language is a low-level programming language that provides a human-readable representation of a computer's binary instructions. Unlike high-level languages like C, C++, or Python, which are....

REST API - Interview preparation guide
May 08 Interview Guides

## What is a REST API? A REST (Representational State Transfer) API is an architectural style for designing networked applications. It uses standard HTTP methods to interact with resources, making....