Is it a good practice to have a viewer for GraphQL mutations? Theoretically this makes sense to me as some mutation end points shouldn't be possible if you are not logged in, etc.
But when I see examples on the web, I only see implementation of GraphQL viewers for queries. For mutations, I do not see any implementation of viewers. For example, the GitHub API doesn't have a viewer on top of all their mutations.
The viewer field isn't a good practice, either for mutations or queries. It's a remnant of Facebook's legacy GraphQL platform from before it was open-sourced, which didn't allow arguments on root query fields. This meant that all of the fields needed to be moved one level down, below viewer.
The current way to do auth in GraphQL, at least in the JavaScript implementation, is by getting the user data based on something like an HTTP header and putting it on context, as mentioned here: http://graphql.org/learn/authorization/
Therefore, there is no reason to do viewer for mutations, or for queries. Most GraphQL clients don't mind, but one situation where it could make sense to have it in queries specifically is if you are using Relay 0.x, which has inherited some of Facebook's legacy GraphQL limitations. Hopefully a future version of Relay will remove this requirement.
For an additional source, read this comment from Lee Byron, one of the original creators of GraphQL.
Related
I would like to be able to use custom headers in queries and mutations.
Basically it would be some context that all the queries and mutations should take into account.
I cannot find a way to do it. Is it even possible with the the current (v2.15.0 as of writing) version of Hasura?
Tried searching the web
By default the Amplify GraphQL APIs return deleted items.
Worse, as near as I can tell there is apparently no way to filter them: Neither syncXYZTable nor listXYZTable queries accept the _deleted field as a parameter. Fortunately the generated code in the DataStore SDK filters out these items, and (somewhat confusingly) the Amplify Studio does not display them (in the Contents tab); but this only highlights the inconsistency: For example as a developer I don't see deleted items anywhere, but as a data scientist or manager using the GraphQL API, I have (it seems) no way of avoiding them.
Am I missing something. Is there really no way to filter out deleted items using the Amplify GraphQL API?
I had to filter these _deleted records in the code. Did not find a way to filter out in GraphQL Response
I've been exploring Graphql for a project and I'm fairly new to it. I came across Relay JS by Facebook. It has a specification on how schema should be defined. My concern with this specification is it's somewhat tied to a JS framework.
Are there other specifications for defining Graphql schema?
There are no standards for creating GraphQL schemas!
Relay is the only GraphQL client right now that is opinionated about what your GraphQL Schema should look like, but I still wouldn't call it a standard. With all other clients (like Apollo or Lokka) the schema can be designed in any way you like!
For inspiration, you might want to take a look at how we design the GraphQL API at Graphcool. We're providing two different APIs:
Relay API: Follows the requirements of Relay
Simple API: Basic CRUD capabilities for each type in your data model
You can additionally include capabilities like ordering or filtering in the API.
it all depends on the server. If you dont need relay (like in my case) i have a custom scheme mapping to mysql db.
You are free to define your own scheme as long as each field is a graphql field
I'm new to web API design, so I've tried to learn best practices of web API design using these articles:
1.Microsoft REST API Guidelines
2.Web API Design-Crafting Interfaces that Developers Love from "Apigee"
Apigee is recommending web API developers to use these recommendations to have better APIs.
I quote here two of the recommendations:
I need C# code for implementing these recommendations in my Web APIs (in ASP Core) which is a back-end for native mobile apps and AngularJs web site.
Sweep complexity behind the ‘?’
Most APIs have intricacies beyond the base level of a resource. Complexities can include many states that can be updated, changed, queried, as well as the attributes associated with
a resource.
Make it simple for developers to use the base URL by putting optional states and attributes behind the HTTP question mark. To get all red dogs running in the park:
GET /dogs?color=red&state=running&location=park
Partial response allows you to give developers just the information they need.
Take for example a request for a tweet on the Twitter API. You'll get much more than a typical twitter app often needs - including the name of person, the text of the tweet, a timestamp, how often the message was re-tweeted, and a lot of metadata.
Let's look at how several leading APIs handle giving developers just what they need in
responses, including Google who pioneered the idea of partial response.
LinkedIn
/people:(id,first-name,last-name,industry)
This request on a person returns the ID, first name, last name, and the industry.
LinkedIn does partial selection using this terse :(...) syntax which isn't self-evident.
Plus it's difficult for a developer to reverse engineer the meaning using a search engine.
Facebook
/joe.smith/friends?fields=id,name,picture
Google
?fields=title,media:group(media:thumbnail)
Google and Facebook have a similar approach, which works well.
They each have an optional parameter called fields after which you put the names of fieldsyou want to be returned.
As you see in this example, you can also put sub-objects in responses to pull in other information from additional resources.
Add optional fields in a comma-delimited list
The Google approach works extremely well.
Here's how to get just the information we need from our dogs API using this approach:
/dogs?fields=name,color,location
Now I need C# code that handles these kind of queries or even more complex like this:
api/books/?publisher=Jat&Writer=tom&location=LA?fields=title,ISBN?$orderBy=location desc,writerlimit=25&offset=50
So web API users will be able to send any kind of requests they want with different complexities, fields, ordering,... based on their needs.
Given an existing API working well with the usual mono-locale approach, what are the steps one should follow to turn it into an internationalized version, which enable user to send/receive keys/values in localized versions?
End user interface internationalization is a well covered topic.internationalized. But how can it be pushed further on request and response? If someone hits an API and wants the response in German how can I do so ?
It is kind of tricky answering without any kind of context, or sample API, or a even a high-level description of what your API does.
But in general it is best to separate your APIs into several layers.
The core functionality and data at the application level should be locale independent, something like this http://mihai-nita.net/2005/10/25/data-internationalization/
Then you would have the presentation layers, with things like date/time/number formatters, collation, localization, etc.