CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

GraphQL vs REST vs gRPC

API Design Intermediate
debt(d7/e7/b7/t5)
d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). The detection_hints note automated=no, and tools listed (postman, graphql-playground) are manual inspection tools. The code_pattern signals (20+ endpoints returning large responses, mobile app using 10% of payload) are only apparent through architectural review or production monitoring — no automated tooling flags a wrong protocol choice.

e7 Effort Remediation debt — work required to fix once spotted

Closest to 'cross-cutting refactor across the codebase' (e7). The quick_fix is a high-level guideline, not a one-line patch. Migrating between API protocols (REST→GraphQL or REST→gRPC) requires rewriting endpoint definitions, client integrations, authentication, caching strategies, and potentially BFF layers — touching every consumer of the API across the codebase. This is a systemic change, not a local one.

b7 Burden Structural debt — long-term weight of choosing wrong

Closest to 'strong gravitational pull' (b7). The choice of API protocol shapes every future endpoint design, client contract, documentation, caching strategy, and tooling selection. Once a public REST API is established (or GraphQL schema is published), every new feature and every new client is shaped by that decision. The applies_to covers web and api contexts broadly, indicating wide reach.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap (a documented gotcha most devs eventually learn)' (t5). The misconception field captures it precisely: developers assume GraphQL is universally better because it avoids over-fetching, but it introduces N+1 problems, complex caching, and operational overhead. Similarly, common_mistakes show gRPC misuse for browser APIs and GraphQL misuse for internal services. These are well-documented gotchas that experienced developers learn but intermediate developers regularly fall into.

About DEBT scoring → scored by claude-sonnet-4-6 · 2026-05-08 · reviewed by human

Also Known As

REST vs GraphQL gRPC vs REST API protocol comparison

TL;DR

REST for public APIs and resource-oriented design, GraphQL for flexible client-driven queries, gRPC for high-performance internal service communication.

Explanation

REST: resource-based (nouns in URLs), standard HTTP methods, cacheable with CDN, well understood — best for public APIs and simple CRUD. GraphQL: client specifies exact fields needed, single endpoint, eliminates over/under-fetching, but complex caching and N+1 risks — best for frontend-driven APIs with diverse client needs. gRPC: Protocol Buffers binary serialisation, HTTP/2, bidirectional streaming, strongly typed contracts, 5-10x faster than JSON REST — best for internal microservice communication where performance matters.

Common Misconception

GraphQL is always better than REST because it avoids over-fetching — GraphQL adds N+1 risk, complex caching requirements, and operational overhead; for simple resource APIs, REST with sparse fieldsets is cleaner.

Why It Matters

Choosing the wrong API protocol forces expensive migrations — a public REST API chosen for a mobile app with highly variable data requirements causes persistent over-fetching; GraphQL would have been better.

Common Mistakes

  • GraphQL for internal service communication — gRPC is faster and better typed.
  • REST for APIs with deeply variable client data needs — GraphQL handles this naturally.
  • No DataLoader with GraphQL — N+1 problem makes GraphQL slower than REST without it.
  • gRPC for browser-facing APIs — gRPC requires grpc-web proxy for browser clients.

Code Examples

✗ Vulnerable 
// REST for mobile app — persistent over-fetching:
GET /api/users/42
// Returns: all 25 fields
// Mobile needs: name, avatar (2 fields)
// 23 fields wasted on every request
✓ Fixed 
// Right tool for the job:

// Public REST API — simple, cacheable, well-understood:
GET /api/products/42          → product data (CDN cacheable)

// GraphQL for mobile/web with varied needs:
query { user(id:42) { name avatar } }  → exactly 2 fields

// gRPC for internal PHP microservices:
// payment.proto: rpc Charge(ChargeRequest) returns (ChargeResponse)
// Generated PHP client + binary protocol
// 5x faster than JSON REST for high-frequency calls
Added 16 Mar 2026
Edited 22 Mar 2026
Views 47

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 0 pings W 1 ping T 0 pings F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S 2 pings S 3 pings M 1 ping T 1 ping W 0 pings T 0 pings F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 1 ping F 0 pings S 0 pings S 2 pings M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Amazonbot 7 Perplexity 5 Scrapy 5 Ahrefs 4 SEMrush 4 Google 3 Claude 2 Bing 2 Meta AI 1 Majestic 1 PetalBot 1
Also referenced
REST Architectural Constraints 105 GraphQL 45 API Gateway Pattern 44 gRPC 35
How they use it
crawler 31 crawler_json 4
Related categories
architecture 3.2k api_design 910
DEV INTEL Tools & Severity
🔵 Info ⚙ Fix effort: Medium
⚡ Quick Fix
Use REST for simple CRUD with well-defined resources; use GraphQL when clients have highly varying data needs, multiple clients need different shapes, or you want to reduce over/under-fetching
📦 Applies To
any web api
🔗 Prerequisites
🔍 Detection Hints
REST API with 20+ endpoints all returning same large response; mobile app using 10% of REST response payload; multiple BFF REST APIs that GraphQL would unify
Auto-detectable: ✗ No postman graphql-playground
⚠ Related Problems
🤖 AI Agent
Confidence: Low False Positives: High ✗ Manual fix Fix: High Context: File
✓ schema.org compliant