Difference between graphql server and api gateway

Difference between graphql server and api gateway


1

What is the difference between GraphQL Server and API Gateway ? As it both can combine the response of multiple apis and can do authentication, input validation, metrics.

4 Answers
4


1

A gateway is a server that routes traffic, it is a commonly used system design pattern as described here by Martin Fowler.

You can implement a gateway in any layer of the OSI model.

You can use it to route TCP, UDP packages in the transport layer, DNS queries, HTTP requests in the application layer, or even in a motherboard bus of a computer.

A Graphql Server is a web server, in the application layer of the OSI model, that implements the GraphQL spec.

You could implement a gateway using a Graphql server.


0


+50

I would classify the roles a little like this:

API Gateway

In the days of on-premise hosting, an API gateway was hosted in a DMZ and exposed to the internet. An attacker who gained access to the gateway would not be able to access things like database connection strings. This type of layering is still a hosting best practice, though cloud providers may do it for you.

API gateways can deal with cross cutting concerns such as rate limiting. They can also run plugins to implement generic security such as translating cookies to tokens, or applying CSRF checks. This simplifies the code you need to write in APIs.

An interesting use case is legal requirements in some sectors, to keep a user’s data within their home country. Gateways can manage this type of advanced routing also, eg if there is a region value in a cookie or token that can be read. This might ensure that all requests for a US user get routed to US servers, even if the user is currently in Asia.

Aggregator APIs

Before GraphQL, an end-to-end flow from UIs to APIs might involve a 1000 mile HTTP request from the app to an entry point API. This might then call 3 other APIs hosted right next to it, to provide both good performance and good separation of concerns.

I would say a GraphQL server has this type of role. Whether you need both roles or just one is perhaps a judgment call, which depends upon requirements important to you, and which component does the job best.

Kubernetes Ingress

A gateway can be very lightweight. In Kubernetes the ingress controller acts as a gateway and can receive requests from multiple internet URLs. So you might use a Kong or NGINX ingress, which can run plugins to apply custom logic when needed. That would route to the GraphQL server.

2

  • Can API Gateway internally calls three apis and combine response and send response to client as graphql also does it ?

    – Ajay S

    Sep 29, 2022 at 6:42

  • Gateways are not usually used like that and I would use GraphQL server instead. See also my note on how Kubernetes does it.

    – Gary Archer

    Sep 29, 2022 at 12:24


0

GraphQL server is a kind of API Gateway.

The objective is to expose a multitude of API from multiple microservices from one endpoint.

The real difference is that with GraphQL you will ask an api to get some informations (and you will send in the body, the structure of the data you want to retrieve).
A classic API will have a response structure defined in its OpenAPI contract, and you will receive "all the data" whatever you want or not.

Example of steps to query GraphQL


0

Both are completely different. API Gateway is mainly for metering, enforcing policies and runtime enforcement. Where as GraphQL is for dictating the server to return the result based on the request from client layer.

Usually REST APIs are defined based on the business purposes. If the purpose is enhanced or changed, then we need to introduce a new REST API or accumulate the existing REST APIs and product the expected result.

But GraphQL will solve this problem easily. Because client can dictate that what should be response and the GraphQL server can understand the query and respond accordingly.

So GraphQL and APIGateway are for completely different purposes



Leave a Reply

Your email address will not be published. Required fields are marked *