AndyL
Swagger, gRPC or GraphQL?
Had a rough afternoon trying to get Swagger working on my json api. (I tried Phoenix Swagger and OpenApiSpex.)
Should I look at gRPC or GraphQL?? I’ve never used gRPC, and years ago have had good experience with Absinthe.
I want a ‘self documenting’ API that’s easy to maintain, with good support for multiple client languages. Not so concerned about caching. Seems like any of the three approaches ought to work for my app.
What is the best approach in 2023?
Marked As Solved
dimitarvp
I personally dislike GraphQL. In all my work in Elixir, Rust and Golang I have never seen one project where the fact that our backend is GraphQL-enabled has not led to a lot of boilerplate and double-schema writing (one in JS for the frontend and one in the backend language). Pragmatically and egotistically speaking only from a programmer’s point of view, GraphQL is a hassle and a fickle princess you have to handle with care in order for it to not fall over.
As much as I hate JS, I’ve only seen GraphQL development be almost frictionless in JS projects. Their ecosystem has it really well covered.
That being said, REST API or gRPC can be an even bigger hassle down the road, they you could start with a REST API relatively quicker than GraphQL (but not by much).
So if I have to pick the lesser evil I’d still go for GraphQL. It allows you do quite a lot and the stricter schema, while very annoying to maintain sometimes, pays for itself tenfold if your project lives to be at least 6 months old or more.
Also Liked
benwilson512
I tihnk the more nuanced argument for GraphQL here isn’t that it’s impossible to parameterize REST, it’s just that everybody making their own ad hoc way of doing it is worse DX than having a spec for how to do so.
Yes, there are specifications out there that standardize on some of this, and that might work great for your use case! However it’s hard to beat GraphQL on the flexibility department.
Complexity analysis makes this a pretty solved problem in GraphQL as well. Certainly though I’d say it is more complex to support a public GraphQL API than a public REST API. Nightmare I think overstates the security situation though.
I’m not gonna weigh in here too much on the actual comparison bits but if folks have more questions about GraphQL I’m always happy to answer them as I can!
D4no0
OpenApiSpex is the continuation of the Phoenix Swagger project, so you use it if you want a generic REST API documentation.
I’ve used about half a year ago in a new project and it worked flawlessly, used it with built-in swagger-ui behind an authentication wall. The only main issue I had was that I didn’t understand how to use the specs at first, however it becomes clear when you read from official open api documentation the format of the specs.
Exadra37
This argument sometimes comes from bad design of a REST API. See my answer on this other topic:
In resume, when designing a REST API endpoint for a resource nothing stops a developer from accepting a query parameter with the list of fields to be returned in the response, plus the list of sub-resources and their fields:
apibaas.io/some/endpoint?resource=posts:author;title;content,comments:author;content
Now, to group unrelated resources GraphQL as an advantage, but nothing stops you from having an API endpoints like this:
apibaas.io/some/endpoint?resources=categories:title,products:title;description;content;price,promotions:title,description,price,discount
Now, if you say that GraphQL query language looks better in terms of ergonomics I have to agree with you, but REST APIs are superior in terms of enforcing security via OpenAPI specs and prevent an attacker to dump a lot of data in a simple GraphQL request.
Put it simple GraphQL puts convenience over security due to its design. GraphQL is the nightmare of security teams and the dream of frontend devs.
AlchemistCamp
I don’t like GraphQL either, unless it’s with a large team of separated front-end and back-end devs. In that case, though, I’m very happy with Absinthe. I used it for a client project 3 years ago and found myself pleasantly surprised more than once.
JEG2
No API is free. You have to design it. There are a lot of little decisions like: how will you layout the various endpoints in code, how will you validate input, how will you control what is queried and returned, how will you share docs, and so on. A good GraphQL implementation, like Absinthe, could help with a good deal of this.







