How OneGraph onboards users who are new to GraphQL (opens in new tab)

(onegraph.com)

118 pointsdwwoelfel7y ago33 comments

33 comments

28 comments · 8 top-level

AznHisoka7y ago· 10 in thread

Naive question: Is GraphQL meant to be used only by the frontend developers to consume backend data, etc? And not by the actual consumers of the API (ie customers, users)? If not, I don't see why consumers would ever want to use GraphQL.

Figuring out the syntax/language to do something as simple as retrieving the first X items requires more thought than calling a dead-simple REST endpoint.

yen2237y ago

Calling an endpoint is only half the story. You still need to know the shape of the response. And most rest APIs I've had to use do a suboptimal job at communicating the schema of the response.

Even Stripe's API, which is far ahead of most other APIs in terms of documentation, doesn't tell you basic things like whether a field can ever be null.

GraphQL defines an interface for describing the schema of an endpoint. This to me is the most valuable thing about it.

sgrove7y ago

This is a great point - Stripe is one of the exceptional companies that maintains a great openapi spec though!

Even so, the GraphQL experience (with the explorer and some other OSS releases we have for next week) is still just so exciting https://serve.onegraph.com/short/Q8SE4F :D

   query search {
     stripe {
       invoices(first: 10) {
         nodes {
           amountDue
           nextPaymentAttempt
           object
           total
           customer {
             ... on StripeCustomer {
               id
               email
             }
           }
           charge {
             dispute {
               created
               reason
               status
             }
           }
         }
       }
     }
   }

- Type (and nullability!) of fields

- In-situ documentation on what the fields are for

- Ability to navigate the Stripe graph from any starting point (customer -> charges -> cards) in a single super-efficient call

- Search-ability across the whole Stripe API in a single field

- Potentially joins across services, e.g. from Stripe to Zendesk or Salesforce

And so on and so on!

atombender7y ago

I think GraphQL is absolutely suitable for being exposed as a public API. Given a schema, it's arguably simpler to write clients than with REST, where every API is completely ad-hoc with respect to how you pass parameters, paginate, select which fields (including nested data) you want, etc.

I think the more interesting question is whether GraphQL is a suitable inter-application API foundation. In many ways it aligns better with application requirements than gRPC. gRPC is even farther away from REST, with limited abilities to do field selection and no inherent support for nesting. And gRPC needs special help to work in browsers. What gRPC has is a compact serialization format and a toolchain that encourages using Protobuf structs for your own internals.

When implementing an app, it certainly seems redundant to offer both GraphQL and gRPC.

sgrove7y ago

I suspect that GraphQL is largely is superset of gRPC, but that gRPC can go places unsuitable for GraphQL as it exists today.

Nothing about GraphQL prevents using e.g. protobufs in theory, but in practice 99.99+% expect to send/receive son.

the_duke7y ago

GraphQL is definitely much more complicated to use for users than a REST api, which is the well known standard for everyone.

For complex APIs that are used by consumers for many tasks, it can make sense though.

If you are using GraphQL internally, you might as well expose a version of it to customers.

See for example Github, which has a GraphQL API.

fiddlerwoaroof7y ago

"standard": random endpoints returning JSON can be easy to use, once you're familiar with them, but you have to learn each endpoint separately. Hopefully GraphQL (or something like JSONAPI) will bring us a real standard interface to apis.

1 more reply

iamjaredwalters7y ago

> more thought than calling a dead-simple REST endpoint

REST shortcomings aren't necessarily found in a single api request. REST's shortcomings are the handful of endpoints required to get the information you actually want.

dragonwriter7y ago

> REST's shortcomings are the handful of endpoints required to get the information you actually want.

That's a problem of a naive CRUD API against a normalized relational datastore (or one structurally resembling such a store) regardless of architectural style, but there is no reason any standardized packet of information for which there is an expected recurring need should not be conceptualized as a resource in a REST API.

Orthogonality or normalization is not part of the REST architectural style.

1 more reply

sl1ck7317y ago

The biggest benefit for me is that since I'm working on both ends of the stack I don't constantly have to make little changes on the backend to accomplish what I want on the frontend. In the past I've ended up with an array of alternative endpoints using different methods or query parameters for special cases whereas now the particulars about what I want to retrieve is more delegated to what I'm doing on the frontend. It is also quicker in that I don't have to write client libraries as I go.

Even more, now I'm using postgrahile and don't even bother with writing the backend for much of anything except special case resolvers. This has increased my productive time but it might not be a fit for everyone. The nice thing is that I keep my schema in the app repo and have the entire thing provisioned from 1 script.

If I need a new resource I just modify the database schema and the graphql resolvers are created automatically.

dwwoelfelOP7y ago

> Figuring out the syntax/language to do something as simple as retrieving the first X items requires more thought than calling a dead-simple REST endpoint.

I'm obviously biased as one of the founders of OneGraph. There's a one-time cost of learning the syntax (which we're trying to make easier!), but once you've done that my experience is that it's easier to use a GraphQL endpoint from the backend than a REST endpoint.

We used Facebook's GraphQL endpoint from a Clojure backend when I joined the Wit team after they were acquired. It was very handy to be able to look at the query and have a general idea of the data that was going to be returned rather than inspect a response or look up the docs.

sbr4647y ago· 3 in thread

I’m a big fan of graphql and use it for all frontend work.

I ran into one issue recently from a server side client use case where I needed to quickly consume an entire endpoint. Since you need to define each field in your query, it was more time consuming to create the requests. I also see the issue if fields are added, you would miss that data without updating your query.

Typically these are benefits when doing frontend work, to limit data, but I did find it annoying when just needing to quickly dump data.

For my own servers moving forward, I’m going to be adding a _doc json field for users that need traditional rest endpoint functionality in a query.

headcanon7y ago

If you don't want to specify all properties, or can't know them ahead of time, you can create a JSON scalar type that will return an arbitrary object (https://github.com/taion/graphql-type-json).

Its of course much better to define your attributes ahead-of-time. It incurs more overhead initially but pays off immensely down the line.

the_duke7y ago

I have also run into this issue.

I use a hand-written generator which generates a "AllXXFields" fragment for each type automatically.

sgrove7y ago

We're thinking of adding a "add all" checkbox in the explorer for this exact reason - feel free to open an issue https://github.com/OneGraph/graphiql-explorer/issues so we can discuss it further.

There are obviously tradeoffs that come with selecting all fields by default (in particular it makes it difficult for the server devs to send thoughtful notifications only to clients who rely on specific fields when necessary), but for initially exploring it's definitely nice.

1 more reply

abhisuri977y ago· 2 in thread

I don't think necessarily GraphQL is hard to understand as a concept. It's just difficult to figure out how to use it in an actual app context. How do I handle more complicated things such as authentication and, more importantly, what are acceptable and secure ways to structure your queries for auth (and things like that). I can certainly hack around with `context`, I just don't know what is actually good or not.

sgrove7y ago

> I don't think necessarily GraphQL is hard to understand as a concept

It was surprising to us as well! But working with lots of users who are new to GraphQL, there are a few speed bumps along the way before you get to "implementing GraphQL in production." You have to convince your GraphQL users that:

1. It won't take too long to understand 2. It will be worth the effort

Anything you can do to make building a valid GraphQL query (both syntactically and semantically) faster helps with #1, and will get your users further along.

Making it so that users can see success/data flowing in as quickly as possible helps with #2.

From there, like you mentioned, there are lots of additional challenges, but for this post we're focusing on getting new users over the most initial hurdles.

headcanon7y ago

I don't know what the stack you're working with looks like, but authentication can be done the same way as a REST API would - wherever you have your top-level handler that receives the HTTP request can accept/reject the request if it is invalid. So for example, you'd use the same express middleware you would normally if that was your stack. Its a bit simpler to wrap your head around from that perspective if you just think of it as any other POST request.

Authorization, that is, allowing users access to some things but not others, is more complicated and of course bespoke to your application. The simple solution is to simply check context in individual resolvers, which ends up looking a lot like a normal Express/Flask/Sinatra app.

There is a graphql-middleware package that helps structure "middleware" resolvers, and a graphql-shield package that helps with more complicated role-based logic.

mrspeaker7y ago· 2 in thread

This is really cool! I think that for the demo you should make the "Explorer" open by default - I bet most people won't realize what to do otherwise and will be intimidated (and just leave).

If possible it would be good to add default values too (like the "ticker" in the stock data set)!

dwwoelfelOP7y ago

Good idea! Just pushed up a change to open the explorer by default and fill in a default value for the stock ticker.

The explorer supports adding args that should be auto-checked and providing default values. It could probably be a little easier to use, but it's easy enough to add new ones once you have an example: https://github.com/OneGraph/graphiql-explorer-example/blob/m...

pitzahoy7y ago

X2 this comment!

timwis7y ago· 2 in thread

For me the barriers have been implementing the server (especially with authorisation logic); consuming it as a client was the relatively easy part.

dabit37y ago

In that case you may be interested in AWS AppSync (a managed GraphQL service)

https://aws.amazon.com/appsync/

tirumaraiselvan7y ago

Also check out Hasura (https://hasura.io) which works on any Postgres anywhere. Hasura provides out-of-the-box GraphQL APIs which you can extend as well while hooking into any (web-based) external Auth system for role based access control.

Full Disclosure: I work at Hasura.

silentguy7y ago· 1 in thread

Is there any way to download OneGraph GraphiQL explorer binary? Is it open source?

sgrove7y ago

We haven't made any custom GraphiQL for the desktop yet, I think we'll reach out to e.g. https://altair.sirmuel.design to see if we can get it to ship with OneGraph "preconfigured" with all of the open-source additions we're adding right now.

jeremynevans7y ago

I've been a OneGraph user for a while now and I have to say the Explorer feature is still one of my favourite things about it.

In my opinion, a well designed API should be as easy to explore as folders on a computer, and the GraphiQL Explorer makes this the case by default.

NicoJuicy7y ago

I've used graphql ( by force) in the past.

I like odata a lot more, but it's more initial work

j / k navigate · click thread line to collapse

33 comments

28 comments · 8 top-level

AznHisoka7y ago· 10 in thread

Figuring out the syntax/language to do something as simple as retrieving the first X items requires more thought than calling a dead-simple REST endpoint.

yen2237y ago

Calling an endpoint is only half the story. You still need to know the shape of the response. And most rest APIs I've had to use do a suboptimal job at communicating the schema of the response.

Even Stripe's API, which is far ahead of most other APIs in terms of documentation, doesn't tell you basic things like whether a field can ever be null.

GraphQL defines an interface for describing the schema of an endpoint. This to me is the most valuable thing about it.

sgrove7y ago

This is a great point - Stripe is one of the exceptional companies that maintains a great openapi spec though!

Even so, the GraphQL experience (with the explorer and some other OSS releases we have for next week) is still just so exciting https://serve.onegraph.com/short/Q8SE4F :D

   query search {
     stripe {
       invoices(first: 10) {
         nodes {
           amountDue
           nextPaymentAttempt
           object
           total
           customer {
             ... on StripeCustomer {
               id
               email
             }
           }
           charge {
             dispute {
               created
               reason
               status
             }
           }
         }
       }
     }
   }

- Type (and nullability!) of fields

- In-situ documentation on what the fields are for

- Ability to navigate the Stripe graph from any starting point (customer -> charges -> cards) in a single super-efficient call

- Search-ability across the whole Stripe API in a single field

- Potentially joins across services, e.g. from Stripe to Zendesk or Salesforce

And so on and so on!

atombender7y ago

When implementing an app, it certainly seems redundant to offer both GraphQL and gRPC.

sgrove7y ago

I suspect that GraphQL is largely is superset of gRPC, but that gRPC can go places unsuitable for GraphQL as it exists today.

Nothing about GraphQL prevents using e.g. protobufs in theory, but in practice 99.99+% expect to send/receive son.

the_duke7y ago

GraphQL is definitely much more complicated to use for users than a REST api, which is the well known standard for everyone.

For complex APIs that are used by consumers for many tasks, it can make sense though.

If you are using GraphQL internally, you might as well expose a version of it to customers.

See for example Github, which has a GraphQL API.

fiddlerwoaroof7y ago

1 more reply

iamjaredwalters7y ago

> more thought than calling a dead-simple REST endpoint

REST shortcomings aren't necessarily found in a single api request. REST's shortcomings are the handful of endpoints required to get the information you actually want.

dragonwriter7y ago

> REST's shortcomings are the handful of endpoints required to get the information you actually want.

Orthogonality or normalization is not part of the REST architectural style.

1 more reply

sl1ck7317y ago

If I need a new resource I just modify the database schema and the graphql resolvers are created automatically.

dwwoelfelOP7y ago

> Figuring out the syntax/language to do something as simple as retrieving the first X items requires more thought than calling a dead-simple REST endpoint.

sbr4647y ago· 3 in thread

I’m a big fan of graphql and use it for all frontend work.

Typically these are benefits when doing frontend work, to limit data, but I did find it annoying when just needing to quickly dump data.

For my own servers moving forward, I’m going to be adding a _doc json field for users that need traditional rest endpoint functionality in a query.

headcanon7y ago

If you don't want to specify all properties, or can't know them ahead of time, you can create a JSON scalar type that will return an arbitrary object (https://github.com/taion/graphql-type-json).

Its of course much better to define your attributes ahead-of-time. It incurs more overhead initially but pays off immensely down the line.

the_duke7y ago

I have also run into this issue.

I use a hand-written generator which generates a "AllXXFields" fragment for each type automatically.

sgrove7y ago

We're thinking of adding a "add all" checkbox in the explorer for this exact reason - feel free to open an issue https://github.com/OneGraph/graphiql-explorer/issues so we can discuss it further.

1 more reply

abhisuri977y ago· 2 in thread

sgrove7y ago

> I don't think necessarily GraphQL is hard to understand as a concept

1. It won't take too long to understand 2. It will be worth the effort

Anything you can do to make building a valid GraphQL query (both syntactically and semantically) faster helps with #1, and will get your users further along.

Making it so that users can see success/data flowing in as quickly as possible helps with #2.

From there, like you mentioned, there are lots of additional challenges, but for this post we're focusing on getting new users over the most initial hurdles.

headcanon7y ago

There is a graphql-middleware package that helps structure "middleware" resolvers, and a graphql-shield package that helps with more complicated role-based logic.

mrspeaker7y ago· 2 in thread

This is really cool! I think that for the demo you should make the "Explorer" open by default - I bet most people won't realize what to do otherwise and will be intimidated (and just leave).

If possible it would be good to add default values too (like the "ticker" in the stock data set)!

dwwoelfelOP7y ago

Good idea! Just pushed up a change to open the explorer by default and fill in a default value for the stock ticker.

pitzahoy7y ago

X2 this comment!

timwis7y ago· 2 in thread

For me the barriers have been implementing the server (especially with authorisation logic); consuming it as a client was the relatively easy part.

dabit37y ago

In that case you may be interested in AWS AppSync (a managed GraphQL service)

https://aws.amazon.com/appsync/

tirumaraiselvan7y ago

Full Disclosure: I work at Hasura.

silentguy7y ago· 1 in thread

Is there any way to download OneGraph GraphiQL explorer binary? Is it open source?

sgrove7y ago

jeremynevans7y ago

I've been a OneGraph user for a while now and I have to say the Explorer feature is still one of my favourite things about it.

In my opinion, a well designed API should be as easy to explore as folders on a computer, and the GraphiQL Explorer makes this the case by default.

NicoJuicy7y ago

I've used graphql ( by force) in the past.

I like odata a lot more, but it's more initial work

j / k navigate · click thread line to collapse