October 4, 2023 By Roy Derks 3 min read

GraphQL has emerged as a key technology in the API space, with a growing number of organizations adopting this new API structure into their ecosystems. GraphQL is often seen as an alternative to REST APIs, which have been around for a long time. Compared to REST APIs (or other traditional API specifications), GraphQL provides more flexibility to API consumers (like app developers) and delivers many benefits, along with a few new challenges to API development and delivery.

I recently attended GraphQLConf 2023, the GraphQL conference in San Francisco where GraphQL experts and users from all over the world came together to discuss the future of the technology. This very first GraphQLConf was organized by the GraphQL Foundation, which IBM is proudly sponsoring. I will highlight seven key insights on GraphQL trends for the coming years based on learnings from the event.

1. GraphQL at scale

GraphQL adoption amongst enterprises has been growing rapidly. A report from Gartner® predicted that by 2025, more than 50% of enterprises will use GraphQL in production, up from less than 10% in 2021. At the GraphQLConf, it became clear that the technology is well on its way to fulfilling this prediction. The conference included speakers and attendees from companies like Pinterest, AWS, Meta, Salesforce, Netflix, Coinbase and Atlassian.

2. API management for GraphQL

Similar to other API specifications, GraphQL should be paired with API management software to get the most benefits. GraphQL is often implemented as a gateway or middleware for different data sources, which means that the API performance and security depend on these downstream sources. To optimize GraphQL API performance, you should make use of a query cost analysis to implement rate limiting based on the connected data sources. Presentations at GraphQLConf discussed how observability and rate limiting play important roles in API management for GraphQL.

3. GraphQL security

Security for GraphQL APIs is becoming even more critical now that enterprises have started running GraphQL at scale. As the structure of GraphQL is different from other API specifications, it has its own needs in terms of security. During the conference, GraphQL-specific vulnerabilities like complexity issues and schema leaks were highlighted. Of course, security threats that apply to standard API specifications—such as injections and server errors—also apply to GraphQL APIs and can often be mitigated by API management solutions.

4. Declarative, SDL-first GraphQL API development

There are two distinct approaches to building GraphQL APIs: “code-first” and “schema-first.” At the core of every GraphQL API is a schema that serves as the type-system.

  • In a “code-first” approach, the schema would be generated from the business logic implemented in the framework that’s used to build the GraphQL API.
  • In the “schema-first” approach, you’d start by defining the schema and map this schema to your business logic separately.

A new emerging approach is called “SDL-first” (Schema Definition Language), where instead of separating the schema and business logic, you define both directly inside the GraphQL schema. I discussed this declarative, SDL-first approach in my talk at GraphQLConf.

5. Incremental delivery of streaming data

Streaming data in GraphQL has long been neglected, but it is getting more relevant with the increased adoption of GraphQL at scale. Real-time data in GraphQL is implemented by using an operation type called “Subscription,” but streaming data has different needs. For streaming data, two new built-in directives will be introduced to the GraphQL specification, which are called “@stream” and “@defer.” By adding these new directives, GraphQL will be able to handle more complex situations where incremental delivery of data is needed. It’s expected that this development will make GraphQL more compatible with asynchronous or event-driven data sources.

6. Open specification for GraphQL federation

GraphQL federation is used to bring together multiple GraphQL APIs to consume all their data from a single API. This will improve the usability and discoverability of all services within the organization. Often, federation will require every downstream service to be a GraphQL API, but some GraphQL solutions allow every data source to be federated into a single GraphQL API. So far, GraphQL federation depended on vendor-specific requirements, which led to many different implementations.

At GraphQLConf it was announced that IBM has joined efforts with other leading companies in the API space to develop an open specification for GraphQL federation under the GraphQL Foundation.

7. GraphQL and AI

As artificial intelligence (AI) transforms how developers write and interact with code, it provides challenges and opportunities for GraphQL, too. For example, how will developers build GraphQL APIs in a world dominated by AI? How can AI help find and prevent security vulnerabilities for GraphQL?

Both at GraphQLConf and IBM TechXchange, IBM Fellow and CTO, Anant Jhingran, presented what role GraphQL plays for AI and API integration. This keynote from IBM TechXchange shows what the combination of GraphQL and AI looks like.

Learn more

With a growing number of organizations not only experimenting with GraphQL, but starting to implement it at scale, the ecosystem is developing quickly. At IBM, we’re helping organizations of all sizes in their GraphQL journey by making it easy to develop production-level GraphQL APIs quickly.

Learn more about the GraphQL capabilities in IBM API Connect, including how to get started for free

More from Automation

Real-time artificial intelligence and event processing  

4 min read - By leveraging AI for real-time event processing, businesses can connect the dots between disparate events to detect and respond to new trends, threats and opportunities. In 2023, the IBM® Institute for Business Value (IBV) surveyed 2,500 global executives and found that best-in-class companies are reaping a 13% ROI from their AI projects—more than twice the average ROI of 5.9%. As all businesses strive to adopt a best-in-class approach for AI tools, let’s discuss best practices for how your company can…

Generative AI in application modernization

8 min read - Application modernization is the process of updating legacy applications leveraging modern technologies, enhancing performance and making it adaptable to evolving business speeds by infusing cloud native principles like DevOps, Infrastructure-as-code (IAC) and so on. Application modernization starts with assessment of current legacy applications, data and infrastructure and applying the right modernization strategy (rehost, re-platform, refactor or rebuild) to achieve the desired result. While rebuild results in maximum benefit, there is a need for high degree of investment, whereas rehost is…

Your Black Friday observability checklist

3 min read - Black Friday—and really, the entire Cyber Week—is a time when you want your applications running at peak performance without completely exhausting your operations teams. Observability solutions can help you achieve this goal, whether you’re a small team with a single product or a large team operating complex ecommerce applications. But not all observability solutions (or tools) are alike, and if you are missing just one key capability, it could cause customer satisfaction issues, slower sales and even top- and bottom-line…

Integrating healthcare apps and data with FHIR + HL7

3 min read - Today’s healthcare providers use a wide variety of applications and data across a broad ecosystem of partners to manage their daily workflows. Integrating these applications and data is critical to their success, allowing them to deliver patient care efficiently and effectively. Despite modern data transformation and integration capabilities that made for faster and easier data exchange between applications, the healthcare industry has lagged behind because of the sensitivity and complexity of the data involved. In fact, some healthcare data are…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters