GraphQL API Querying

Published on

Screenshot of RiskNodes's GraphQL querying capability

Today we’ve released RiskNodes’s new GraphQL query endpoint. This feature makes it easier to develop custom user-interface or API integration apps.

What is GraphQL?

GraphQL is a communication standard for fetching data. It’s delivered over HTTP which means it’s accessible by web browsers or application code. Graphql’s main feature is that the consumer (the client system) can specify whatever data they require from a deep, hierarchical structure. Such an interface can replace many individual REST API endpoints, each of which would return a different data. Effectively, GraphQL moves work from the client developer onto the server - the developer specifies the data and the server must deliver it.

How does RiskNodes use GraphQL?

RiskNodes projects are based around a questionnaire. There is an obvious hierarchical structure to the data in a project, and permissions are mostly scoped to the project ID, so it is a natural fit for a GraphQL query.

Implementation & Performance

RiskNodes’s core application is a Python web application built on Starlette and ASGI. Python is a wonderful language with an extraordinarily rich infrastructure of tools and libraries. It is also concise yet readable — which pays off in faster development and easier maintenance. The downside is that Python is slow — a necessary trade-off for the concision and readability. The good news is that, most of the time, that slowness does not matter at all. Most of the work in handling an HTTP request is in handling the HTTP envelope, fetching database data, and then transforming database data into JSON. RiskNodes implements all these steps in Python extension modules written in C or Rust — fast, compiled languages.

GraphQL changes this calculation a little. By moving more work onto the server, GraphQL queries demand more server processing time. The GraphQL query must be parsed, followed by highly dynamic SQL query building. With this in mind, the GraphQL query endpoint is implemented using Strawberry, a Python-native GraphQL library that integrates directly with the ASGI application. This keeps the deployment as a single process — consistent with the sovereign-first principle that the entire system runs on one machine with no separate services.

Response time for a simple object lookup query is around 3 milliseconds. For a deeply nested, worst-case query with hundreds of properties, this goes up to around 10 milliseconds.

Query Format

Here’s an example of a query which fetches Project, Section and Questions in one shot:

query {
  project(id: 123) {
    title
    sections {
      title
      questions {
        title
        tags {
          name
        }
      }
    }
  }
}

Benefits for UI Developers

GraphQL transforms the developer experience by replacing multiple REST calls with a single, precisely-tailored query. Fetch a project, its sections, questions, and tags in one request — getting exactly the fields you need, nothing more. This eliminates over-fetching, reduces bandwidth and removes the need to coordinate multiple API endpoints. The self-documenting schema through GraphQL Playground means less time reading docs and more time building features. Developers can iterate faster, experiment freely, and deliver responsive UIs without wrestling with data plumbing.