nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

An Empirical Study of GraphQL Schemas

verfasst von : Erik Wittern, Alan Cha, James C. Davis, Guillaume Baudart, Louis Mandel

Erschienen in: Service-Oriented Computing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

GraphQL is a query language for APIs and a runtime to execute queries. Using GraphQL queries, clients define precisely what data they wish to retrieve or mutate on a server, leading to fewer round trips and reduced response sizes. Although interest in GraphQL is on the rise, with increasing adoption at major organizations, little is known about what GraphQL interfaces look like in practice. This lack of knowledge makes it hard for providers to understand what practices promote idiomatic, easy-to-use APIs, and what pitfalls to avoid.

To address this gap, we study the design of GraphQL interfaces in practice by analyzing their schemas – the descriptions of their exposed data types and the possible operations on the underlying data. We base our study on two novel corpuses of GraphQL schemas, one of 16 commercial GraphQL schemas and the other of 8,399 GraphQL schemas mined from GitHub projects. We make available to other researchers those schemas mined from GitHub whose licenses permit redistribution. We also make available the scripts to mine the whole corpus. Using the two corpuses, we characterize the size of schemas and their use of GraphQL features and assess the use of both prescribed and organic naming conventions. We also report that a majority of APIs are susceptible to denial of service through complex queries, posing real security risks previously discussed only in theory. We also assess ways in which GraphQL APIs attempt to address these concerns.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Automating SLA-Driven API Development with SLA4OAI

We anonymized the returned names.

We submitted a pull request adding several public GraphQL APIs that were missing from the APIs.guru list, but that we found using web searches. The APIs.guru maintainers accepted the pull request and we included those schemas in this analysis.

A complete schema (1) contains a query operation (a SchemaDefinition node [15] or a Query object type [8]), and (2) defines all referenced types and directives.

If multiple possible definitions were found, we broke ties under the assumption that developers will use the directory hierarchy to place related files close to each other.

We collected data in November 2018 using the same methodology, and found 5,345 unique schemas, 701 of which resulted from merging. This reflects a growth of \(57\%\) in half a year.

Subscriptions permit clients to register for continuous updates on data.

For simplicity, we tested for camelCase and PascalCase names using only the first letter. A more sophisticated dictionary-based analysis is a possible extension.

These conventions are “organic” in the sense that they are emerging naturally without apparent central direction. There could, however, be some hidden form of direction, e.g. many projects influenced by the same team or corporation.

In practice, the size of retrieved object lists are often explicitly bounded by slicing arguments (e.g., first: 2 in Fig. 1). See also Sect. 4.4.

In Table 3, we use the slightly relaxed notion \(O(n \times D^K)\).

In GraphQL the first field is always query, and cannot be a list type.

APIs-guru/graphql-apis: A collective list of public GraphQL APIs. https://github.com/APIs-guru/graphql-apis

GraphiQL: An in-browser IDE for exploring GraphQL. https://github.com/graphql/graphiql

GraphQL Faker. https://github.com/APIs-guru/graphql-faker

GraphQL Style conventions. https://www.apollographql.com/docs/apollo-server/essentials/schema.html#style

Introduction to GraphQL. https://graphql.org/learn/

JavaScript reference implementation for GraphQL. https://github.com/graphql/graphql-js

Pagination. http://graphql.github.io/learn/pagination/

Schemas and Types. https://graphql.org/learn/schema

Who’s using GraphQL? http://graphql.org/users

10.

Introducing Yelp’s Local Graph (2017). https://engineeringblog.yelp.com/2017/05/introducing-yelps-local-graph.html

11.

React, Relay and GraphQL: Under the Hood of The Times Website Redesign (2017). https://open.nytimes.com/react-relay-and-graphql-under-the-hood-of-the-times-website-redesign-22fb62ea9764

12.

GitHub GraphQL API v4 (2019). https://developer.github.com/v4/

13.

GraphQL and Shopify (2019). https://help.shopify.com/en/api/custom-storefronts/storefront-api/graphql/

14.

GraphQL Current Working Draft: Schema (2019). https://facebook.github.io/graphql/draft/#sec-Executable-Definitions

15.

GraphQL Current Working Draft: Schema (2019). https://facebook.github.io/graphql/draft/#sec-Schema

16.

Brito, G., Mombach, T., Valente, M.T.: Migrating to GraphQL: a practical assessment. In: 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 140–150. IEEE (2019)

17.

Facebook Inc.: GraphQL. Working Draft, June 2018. https://facebook.github.io/graphql/

18.

Gamez-Diaz, A., Fernandez, P., Ruiz-Cortes, A.: An analysis of RESTful APIs offerings in the industry. In: Maximilien, M., Vallecillo, A., Wang, J., Oriol, M. (eds.) ICSOC 2017. LNCS, vol. 10601, pp. 589–604. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69035-3_43CrossRef

19.

Hartig, O., Pérez, J.: An initial analysis of Facebook’s GraphQL language. In: CEUR Workshop Proceedings (2017)

20.

Hartig, O., Pérez, J.: Semantics and complexity of GraphQL. In: Conference on World Wide Web (WWW) (2018)

21.

Kim, Y.W., Consens, M.P., Hartig, O.: An empirical analysis of GraphQL API schemas in open code repositories and package registries. In: Proceedings of the 13th Alberto Mendelzon International Workshop on Foundations of Data Management (AMW), June 2019

22.

Palma, F., Gonzalez-Huerta, J., Moha, N., Guéhéneuc, Y.-G., Tremblay, G.: Are RESTful APIs well-designed? Detection of their linguistic (Anti)Patterns. In: Barros, A., Grigori, D., Narendra, N.C., Dam, H.K. (eds.) ICSOC 2015. LNCS, vol. 9435, pp. 171–187. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48616-0_11CrossRef

23.

Petrillo, F., Merle, P., Moha, N., Guéhéneuc, Y.-G.: Are REST APIs for cloud computing well-designed? An exploratory study. In: Sheng, Q.Z., Stroulia, E., Tata, S., Bhiri, S. (eds.) ICSOC 2016. LNCS, vol. 9936, pp. 157–170. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46295-0_10CrossRef

24.

Rinquin, A.: Avoiding n+1 requests in GraphQL, including within subscriptions

25.

Stoiber, M.: Securing your GraphQL API from malicious queries

26.

Vargas, D.M., et al.: Deviation testing: a test case generation technique for GraphQL APIs (2018)

27.

Vázquez-Ingelmo, A., Cruz-Benito, J., García-Peñalvo, F.J.: Improving the OEEU’s data-driven technological ecosystem’s interoperability with GraphQL. In: Proceedings of the 5th International Conference on Technological Ecosystems for Enhancing Multiculturality - TEEM 2017, pp. 1–8 (2017)

28.

Vogel, M., Weber, S., Zirpins, C.: Experiences on migrating RESTful web services to GraphQL. In: Braubach, L., et al. (eds.) ICSOC 2017. LNCS, vol. 10797, pp. 283–295. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91764-1_23CrossRef

29.

Wittern, E., Cha, A., Davis, J.C., Baudart, G., Mandel, L.: GraphQL schema collector. https://doi.org/10.5281/zenodo.3352421, accessible at https://github.com/ErikWittern/graphql-schema-collector

30.

Wittern, E., Cha, A., Davis, J.C., Baudart, G., Mandel, L.: GraphQL Schemas. https://doi.org/10.5281/zenodo.3352419, accessible at https://github.com/ErikWittern/graphql-schemas

31.

Wittern, E., Cha, A., Laredo, J.A.: Generating GraphQL-Wrappers for REST(-like) APIs. In: Mikkonen, T., Klamma, R., Hernández, J. (eds.) ICWE 2018. LNCS, vol. 10845, pp. 65–83. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91662-0_5CrossRef

Titel: An Empirical Study of GraphQL Schemas
verfasst von: Erik Wittern
Alan Cha
James C. Davis
Guillaume Baudart
Louis Mandel
Verlag: Springer International Publishing
Buch: Service-Oriented Computing
Print ISBN: 978-3-030-33701-8

Electronic ISBN: 978-3-030-33702-5

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-33702-5_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"