Skip to main content
HashnodeLeonardo Fernandes's Blog

Command Palette

Search for a command to run...

REST vs GraphQL: A Comprehensive Comparison

Differences Between REST and GraphQL: What You Need to Know

Updated
14 min read
REST vs GraphQL: A Comprehensive Comparison
L
Leonardo Fernandes

Here's a take that will age well: most teams arguing about REST vs GraphQL are arguing about the wrong thing.

They're debating the tool when they should be asking: what does my data access pattern actually look like? Because that question — not hype, not familiarity, not what your tech lead learned at their last company — is the only thing that should drive this decision.

This isn't a "use both!" cop-out post. By the end, you'll have a clear mental model for making this call, and you'll understand why so many teams make it badly.

Why This Decision Matters More Than You Think

Getting the API paradigm wrong isn't just a technical inconvenience — it compounds over time.

Over-fetching kills your mobile app quietly. A REST endpoint designed for a dashboard gives your mobile client everything: full user objects, nested relations, metadata it never renders. On a 3G connection in a developing market, that payload difference between 4KB and 40KB is the difference between your app feeling snappy and users bouncing. You won't notice in your local dev environment. Your users will.

Under-fetching multiplies your requests. You call /users/1, realize you need their posts, call /users/1/posts, realize you need the author of each post's comments... suddenly a single screen requires 6–8 sequential round-trips. On mobile, each round-trip is ~100–300ms of latency. Now your "simple" profile page takes two seconds to load.

The wrong choice creates API versioning nightmares. REST APIs drift over time. You ship /api/v1/users, the frontend needs a new field, so you add it. The mobile app needs a different shape, so you fork the endpoint. Two years later you're maintaining /api/v1, /api/v2, and /api/v3, and every new feature touches all three. This is where large engineering teams quietly die.

GraphQL chosen for the wrong reasons adds operational debt. GraphQL is not free. It requires a schema, a resolver layer, query depth protection, rate limiting strategies that differ from REST, and a different mental model for caching. Teams that adopt it for simple CRUD apps often spend more time fighting the tooling than benefiting from the flexibility.

Choosing wrong means you're not just picking a different HTTP pattern — you're choosing your future pain.

The Core Idea (Without the Buzzwords)

REST is a convention for exposing your data as resources, each with its own URL. You navigate to the resource you want, and you get back what that resource contains.

GraphQL is a query language where the client describes exactly what data it wants, in what shape, in a single request — and the server returns precisely that.

The analogy that actually makes this click:

REST is a restaurant with a fixed menu. You order the "User Combo" and you get what comes with it — name, email, address, profile picture, last login, even if you only needed the name. The kitchen decides what's on the plate.

GraphQL is a buffet with a precise order form. You write down exactly what you want: "name, and the title of their last 3 posts." The kitchen assembles exactly that. Nothing more, nothing less.

The buffet sounds strictly better — but running a buffet is harder than running a fixed menu kitchen. That trade-off is the whole conversation.

How They Actually Work

REST: The Request Lifecycle

A REST API maps HTTP methods to operations on resources. The URL identifies what, the method identifies what to do with it:

GET    /api/users/42          → fetch user 42
POST   /api/users             → create a user
PUT    /api/users/42          → update user 42
DELETE /api/users/42          → delete user 42
GET    /api/users/42/posts    → fetch posts belonging to user 42

The response is fixed. If the /users/42 endpoint returns a 20-field object, you get all 20 fields whether you asked for them or not. If you need data from multiple resources, you make multiple requests.

// Fetching a user profile page — 3 separate requests
const user = await fetch('/api/users/42').then(r => r.json());
const posts = await fetch('/api/users/42/posts').then(r => r.json());
const followers = await fetch('/api/users/42/followers').then(r => r.json());
 
// Now you can render the page — after 3 round trips

GraphQL: One Request, Precise Shape

GraphQL exposes a single endpoint (typically /graphql). Every request is a POST with a query document that describes exactly what the client needs:

query GetUserProfile {
  user(id: 42) {
    name
    avatarUrl
    posts(limit: 3) {
      title
      publishedAt
    }
    followerCount
  }
}

One request. Returns exactly that shape. The response matches the query structure:

{
  "data": {
    "user": {
      "name": "Priya Mehta",
      "avatarUrl": "https://cdn.example.com/avatars/42.jpg",
      "posts": [
        { "title": "Building with GraphQL", "publishedAt": "2025-01-10" },
        { "title": "When REST is the right call", "publishedAt": "2024-12-22" },
        { "title": "API design in 2025", "publishedAt": "2024-11-15" }
      ],
      "followerCount": 1284
    }
  }
}

The trade-off: on the server, you now need resolvers — functions that know how to fetch each field. The client's flexibility is paid for by server complexity.

The Comparison That Actually Matters

Dimension REST GraphQL
Data fetching Fixed shape per endpoint Client specifies exact shape
Request count Often multiple per screen Usually one
Overfetching Common and by design Eliminated
Caching Native HTTP caching (CDN-friendly) Harder — requires tools like Apollo Client
Schema Implicit (docs, OpenAPI) Explicit, enforced, introspectable
Error handling HTTP status codes (clean) Always 200 OK, errors in body (counterintuitive)
Setup cost Low — works with any HTTP client Higher — needs schema, resolvers, client library
Best tooling Postman, curl, any language Apollo, Relay, Hasura, Strawberry
Learning curve Low — developers know HTTP Medium — new mental model for resolvers and schema
Versioning Explicit (v1, v2, v3) Schema evolution (add fields, deprecate, no versions)

Two things on this table deserve more attention:

Caching: REST's biggest hidden advantage. A GET /products/42 request gets cached automatically by browsers, CDNs, and proxies. Zero config. With GraphQL's POST-based queries, you need client-side caching (Apollo's normalized cache, React Query's query keys, etc.) to get the same effect. For public APIs or content-heavy sites, this matters a lot.

Error handling: GraphQL always returns HTTP 200. An invalid query, a missing field, a partial error — all come back as 200 with an errors array. This breaks standard HTTP error monitoring and makes debugging harder if you're not expecting it.

Real-World Scenarios

Building a Mobile App with a Web Dashboard

This is GraphQL's strongest use case, and it's worth understanding precisely why.

Your web dashboard has a sidebar with user info: name, email, company, role. Your mobile app has a profile header: just name and avatar. Your API team is building one backend serving both.

With REST, you have two options: one endpoint that returns everything (mobile over-fetches) or two separate endpoints maintained in parallel. Neither is great.

With GraphQL, the web client queries the fields it needs, the mobile client queries its fields, and the backend serves both from the same schema. No endpoint proliferation, no over-fetching.

Companies that made this call: GitHub moved their public API to GraphQL v4 precisely because they had web, mobile, and third-party clients with wildly different data needs. Shopify's Storefront API is GraphQL because merchants build everything from single-product pages to full storefronts — the query flexibility is the product.

Building a Simple CRUD API for a Single Frontend

You're building a project management tool. One React web app. Your endpoints are obvious: projects, tasks, users, comments. Each screen maps cleanly to a resource.

GraphQL here adds complexity without payoff. You'd write resolvers, set up Apollo Server or a similar runtime, learn the schema definition language, add query depth protection to prevent n+1 issues... and at the end, you have a more complex system that does the same thing a clean REST API with well-named endpoints would do.

The right call is REST. Django REST Framework, FastAPI, Express with simple route handlers — pick your stack and ship.

The signal: if your API surfaces map 1:1 to your database tables and you have one client, you almost certainly don't need GraphQL.

Building a Public API (Third-Party Developers)

Your API will be consumed by developers you don't know, building things you can't predict.

REST is usually the right answer here. Developers understand HTTP. Curl works out of the box. Every language has HTTP client libraries. Documentation is straightforward. API versioning is explicit and predictable.

GraphQL for public APIs requires developers to learn your schema, set up a GraphQL client, and handle the non-standard error model. It's a higher onboarding cost. GitHub, Stripe, and Twilio all have REST APIs as their primary interface (GitHub added GraphQL as an alternative for power users, not a replacement).

The exception: if your public API genuinely serves vastly different client types with different data needs — like GitHub's does — GraphQL as a secondary interface is worth considering.

The Decision Framework

Choose REST when:

  • You have one client, or clients with similar data needs
  • You need CDN caching or are building a public-facing content API
  • Your team is small, moving fast, or doesn't have GraphQL experience
  • You're building a third-party public API
  • The data model is simple and maps cleanly to resources
  • You need simple HTTP-based monitoring and debugging

Choose GraphQL when:

  • You serve multiple clients (mobile + web + third-party) with different data shapes
  • Your UI requires nested relational data in a single request
  • Frontend teams need to iterate on data requirements without backend changes
  • You're building a product platform where clients have highly varied needs
  • Type safety and schema introspection are important to your developer experience

    The rule of thumb: If the problem you're solving is "I fetch too much" or "I make too many requests," reach for GraphQL. If the problem is "I need to expose my backend cleanly," REST is fine.

Key Insights

The n+1 problem doesn't disappear with GraphQL — it moves. In REST, you solve n+1 with batch endpoints or strategic data loading. In GraphQL, it appears in resolvers — a query for 100 users with their posts can trigger 101 database queries. You solve it with DataLoader or similar batching tools. You're not removing the problem; you're moving it to a different layer where you need different tools.

GraphQL is a contract, not just a transport. The schema is a typed API contract between frontend and backend. This is genuinely valuable — breaking changes are caught at schema validation time, not at runtime. But this means your schema is a product you need to maintain, version, and design carefully. Teams that treat it like a quick configuration miss this entirely.

REST's "versioning problem" is often a discipline problem. Teams that accumulate v1, v2, v3 hell usually got there by adding fields to handle new requirements rather than designing clean endpoints. A well-designed REST API can evolve gracefully with additive changes and clear deprecation cycles. GraphQL makes this easier, but it's not magic.

You can combine them — and large systems often should. Your authentication endpoints are REST (simple, standard, well-tooled for security). Your product data API is GraphQL (multiple clients, complex relations). Stripe uses this approach: REST for core payment operations, more complex queries handled differently. Don't treat this as binary.

Resolver performance is invisible until it isn't. A GraphQL query that looks simple can hammer your database depending on how resolvers are written. In REST, you have explicit control over what SQL each endpoint runs. In GraphQL, a poorly written resolver tree can run dozens of queries for a single client request. This is manageable with DataLoader and query analysis, but it requires intentional engineering.

Common Mistakes

Adding GraphQL to avoid hard conversations. "Our REST endpoints return too much data" is often a symptom of a badly designed API, not a fundamental limitation of REST. Before adopting GraphQL, ask if your existing REST design is the actual problem.

Treating the GraphQL schema as an afterthought. If you auto-generate your schema directly from your database models, you've built a leaky abstraction. Your schema should reflect the client's view of the world, not your database's. These are often different things.

Forgetting about authorization at the field level. In REST, endpoint-level auth is straightforward. In GraphQL, a single query can access multiple resource types, and each field might have different permission requirements. Field-level authorization is a solved problem (with tools like graphql-shield) but it's a problem you need to solve deliberately.

Choosing GraphQL because it seems more modern. REST is not legacy technology. It's the right tool for a huge proportion of API use cases. "We should use GraphQL" is a fine conclusion when driven by actual requirements. It's a bad conclusion when driven by the feeling that REST is old.

TL;DR

  • REST = fixed endpoints, simple caching, low setup cost, great for single clients and public APIs
  • GraphQL = client-controlled queries, eliminates over/under-fetching, higher setup cost, great for multi-client products
  • The decision turns on one question: do your different clients need meaningfully different shapes of the same data?
  • If yes → GraphQL earns its complexity
  • If no → REST is simpler, cacheable, and ships faster
  • Neither is inherently superior. The right tool depends on your data access patterns, not on what's trending

A Note on Tooling & Ecosystem

One practical consideration that rarely makes it into comparison posts: the ecosystem around each approach has matured very differently.

REST tooling is invisible by design. Swagger/OpenAPI for documentation, Postman for testing, any HTTP monitoring tool for observability, any CDN for caching — none of it requires learning anything new. If you already know how to build web services, REST just works.

GraphQL tooling requires deliberate investment. Apollo Client or urql on the frontend, Apollo Server or Pothos or Strawberry on the backend, DataLoader for batching, persisted queries for production performance, query complexity analysis to prevent abuse. Each of these is well-built and well-documented — but each is something your team needs to learn and configure. The GraphQL ecosystem rewards teams that invest in it and punishes teams that don't.

For a team of 2–3 developers building fast, REST's invisible tooling is a real advantage. For a team of 20+ where frontend and backend are separate disciplines, GraphQL's explicit schema acts as a forcing function for clear API contracts and reduces the "can you add this field?" back-and-forth between teams.

Subscriptions: GraphQL's underrated advantage. If your app needs real-time updates — live dashboards, collaborative editing, notification feeds — GraphQL subscriptions give you a clean model for this. The client subscribes to a query and gets pushed updates when the data changes. With REST, you're reaching for WebSockets or Server-Sent Events and implementing the event stream logic yourself. For real-time heavy apps, this tilts the scale toward GraphQL more than almost any other consideration.

Conclusion

The teams that make this decision well aren't the ones with the most GraphQL experience or the ones who've read the most spec. They're the ones who start by mapping out what their clients actually need, how that varies across clients, and what the real cost of over-fetching or extra round-trips looks like for their users.

If you're serving one frontend and your data is mostly CRUD, REST will serve you well for years. If you're building a platform that serves apps you don't fully control, with data relationships that span multiple resources, GraphQL will pay dividends.

Don't pick the tool that sounds more impressive in a technical interview. Pick the one that makes your users' experience better and your engineering team's life simpler. Usually those point to the same answer.

What's Your Call?

Have you migrated from REST to GraphQL — or the other direction? What was the breaking point that pushed you to switch? And if you're running both, what's your strategy for keeping the boundary clean?

Drop your experience in the comments. The messy real-world cases are always more useful than the clean textbook ones.

#rest-api#graphql#backend-development#software-development#web-development#chaicode
21 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

L

Leonardo Fernandes's Blog

10 posts