GraphQL Interview Questions

• GraphQL vs REST? GraphQL: single endpoint, client specifies exact data needed (no over/under-fetching), strong typing, introspection, ideal for complex UIs. REST: multiple endpoints, simpler caching, better for public APIs, familiar

• What is the N+1 problem in GraphQL? Resolver for a list runs N child resolvers individually. Fix with DataLoader — batches and deduplicates DB calls within one tick. DataLoader.load(id) returns Promise; all loads in one tick are batched into single query

• What is DataLoader? Batching utility by Facebook. Collects all load(key) calls in current tick, calls batch function once with all keys. Also caches results within a request. Essential for production GraphQL performance

• How to handle auth in GraphQL? Add user to context in server setup. Check in resolvers or use directives (@auth, @hasRole). Prefer field-level auth for fine-grained control. Disable introspection in production

• Mutations vs queries? Queries: read data, run in parallel. Mutations: write data, run serially (each mutation waits for previous). Subscriptions: real-time via WebSocket/SSE

• How to prevent abuse/DoS? Query depth limiting (max nesting). Query complexity analysis (assign cost per field). Rate limiting. Persisted queries (only allow pre-registered queries in production). Disable introspection in prod

• Apollo Client cache? Normalized in-memory cache — normalizes by __typename + id. Queries refetch or serve from cache based on fetchPolicy (cache-first, network-only, cache-and-network). Manual update with cache.modify() or cache.writeQuery()