GraphQL

Enums are a special kind of scalar that is restricted to a particular set of allowed values. This allows for validation and type safety.

Fragments are reusable units that let you group sets of fields. This avoids duplication in large queries and helps keep component-based code modular.

Mutations are used to modify data on the server (Create, Update, Delete). Like queries, they return the resulting object, allowing the client to update its UI immediately.

Queries are used to fetch data from the server. They are equivalent to GET requests in REST but allow fetching multiple related resources in a single roundup.

Input types allow passing complex objects as arguments to queries and mutations. They are separate from regular object types to ensure they only contain inputtable fields.

Scalars are the "leaves" of the query tree (Int, Float, String, Boolean, ID). Objects define a set of fields that can be queried recursively.

Variables let you pass parameter values into queries. Directives like `@include` or `@skip` let you dynamically change query structure based on variables.

GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. It provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

• Declarative: Clients specify exactly what data they want.
• Hierarchical: Queries mirror the shape of the data returned.
• Strongly Typed: The schema defines exactly what is possible.

The SDL is a human-readable syntax used to define the types and fields in a GraphQL schema. It serves as a contract between the client and the server.

Fragments allow components to define exactly what data they need, then the parent query can combine these fragments to fetch all data in a single request.

Use `!` to mark a field or argument as non-nullable. Wrap a type in `[]` to indicate a list. They can be combined: `[String!]!` means a non-null list of non-null strings.

Each field in a GraphQL query is backed by a resolver function. When a field is queried, the server executes its resolver to fetch the actual value.

GraphQL returns an `errors` array alongside the `data` object. A request can be partially successful, returning some data even if some resolvers failed.

Interfaces define a set of fields that multiple types must implement. Unions allow a field to return one of several different types but don't require shared fields.

Subscriptions allow the server to push real-time data to clients when specific events occur. They typically use WebSockets for persistent communication.

Apollo Client is a comprehensive state management library for JavaScript that handles fetching, caching, and modifying application data with GraphQL.

The Relay specification for "Connections" defines a cursor-based pagination pattern (`first`, `after`, `edges`, `node`, `pageInfo`) that is widely adopted for GraphQL APIs.

Introspection allows a client to query the API for its own schema, enabling tools like GraphiQL or GraphQL Playground to provide documentation and autocomplete.

The context is an object shared across all resolvers in a single execution. It's used for authentication data, database connections, and loaders.

The N+1 problem occurs when a query fetches a list of items, and then for each item, a separate database call is made to fetch its nested fields.

DataLoader is a utility library from Facebook that batches and caches requests to your backend (e.g., database or microservices) to solve the N+1 problem.

Normalization breaks down complex query results into individual objects with unique IDs, allowing the client to update one object and have the change reflect across all queries using it.

Authentication is usually handled via standard HTTP headers (e.g., Bearer tokens). The token is decoded and user identity is added to the resolver context.

Authorization (permissions) can be implemented in resolvers, using directives, or within your business logic layer (recommended to avoid leaks).

Production checklist: disable introspection, use persisted queries, implement rate limiting/depth analysis, monitor resolver performance, and cache aggressively where possible.

Persisted queries store the query string on the server and use a hash instead, reducing bandwidth and preventing arbitrary large/unauthorized queries from being run.

Federation is an architecture for building a supergraph where multiple "subgraphs" contribute to a single schema, using specialized directives for cross-service fields.

Depth limiting is a security measure that rejects queries nested too deeply, preventing malicious users from overloading the server with complex recursive queries.

Codegen tools scan your schema and queries to automatically generate TypeScript types or hooks, ensuring perfect alignment between your frontend and backend.

Schema stitching is a process that combines multiple underlying GraphQL APIs into a single, unified gateway API.