REST APIs with GraphQL: Hybrid Design Patterns

In recent years, APIs have become an essential part of modern web development. The rise of microservices and distributed systems has made APIs a crucial tool for connecting and communicating between different services. REST (Representational State Transfer) has been the go-to design pattern for building web APIs for quite some time. However, with the introduction of GraphQL, a query language for APIs developed by Facebook, developers now have an alternative way to design APIs. In this blog post, we will explore hybrid design patterns that combine the strengths of both REST and GraphQL to build efficient and flexible APIs. We will cover the basics of REST and GraphQL, their key differences, and how to implement hybrid patterns using code examples.

Understanding REST and GraphQL

Before diving into hybrid design patterns, let's briefly discuss REST and GraphQL to understand their basic principles and differences.


REST is an architectural style for designing networked applications. It relies on a stateless, client-server communication protocol, usually HTTP. RESTful APIs use standard HTTP methods, such as GET, POST, PUT, and DELETE, to perform operations on resources, which are identified by URIs (Uniform Resource Identifiers).


GraphQL is a query language for APIs and a runtime for executing those queries against your data. Unlike REST, which exposes a fixed set of endpoints for each resource, GraphQL exposes a single endpoint that clients can query to fetch the exact data they need. This provides flexibility and reduces the amount of data that needs to be transferred over the network.

Key Differences Between REST and GraphQL

Here are some key differences between REST and GraphQL that will help us understand why and when to use hybrid patterns:

  1. Data Fetching: REST APIs usually require multiple endpoints to fetch related data, while GraphQL allows clients to fetch all the required data in a single request.
  2. Over-fetching and Under-fetching: REST APIs often return more data than required (over-fetching) or require multiple requests to fetch all the necessary data (under-fetching). GraphQL eliminates both problems by allowing clients to request only the data they need.
  3. Versioning: REST APIs typically use versioning to introduce changes without breaking existing clients. GraphQL, on the other hand, supports evolving APIs without the need for versioning, as clients can request only the fields they need.

Hybrid Design Patterns

Now that we have a basic understanding of REST and GraphQL, let's explore some hybrid design patterns that combine their strengths.

Pattern 1: REST API with GraphQL Query

One common hybrid pattern is to use RESTful principles to design your API but add GraphQL support to allow clients to fetch related data in a single request.

Example: Fetching User and Their Posts

Let's assume we have a simple blog application with users and their posts. Using a traditional REST API, we might have the following endpoints:

  • GET /users/:id – Fetch a user by ID
  • GET /users/:id/posts – Fetch all posts for a specific user

If a client wants to fetch a user and their posts, they would need to make two separate requests:

  1. Fetch the user: GET /users/1
  2. Fetch the user's posts: GET /users/1/posts

Now let's add GraphQL support to our REST API. We can expose a new endpoint, /graphql, that accepts GraphQL queries. Clients can now fetch a user and their posts in a single request:

query { user(id: 1) { id name posts { id title content } } }

To implement this pattern, you can use GraphQL libraries such as Apollo Server (for Node.js) or Graphene (for Python). These libraries provide the necessary toolsto parse and execute GraphQL queries against your existing data sources.

Here's a simple implementation using Apollo Server and an in-memory data source:

const { ApolloServer, gql } = require('apollo-server'); // Sample data const users = [ { id: 1, name: 'Alice' }, { id: 2, name: 'Bob' }, ]; const posts = [ { id: 1, userId: 1, title: 'Hello World', content: 'Welcome to my blog!' }, { id: 2, userId: 1, title: 'Another Post', content: 'This is another post.' }, { id: 3, userId: 2, title: 'Bob\'s Post', content: 'This is Bob\'s post.' }, ]; // GraphQL type definitions const typeDefs = gql` type User { id: ID! name: String! posts: [Post!]! } type Post { id: ID! title: String! content: String! userId: ID! } type Query { user(id: ID!): User } `; // GraphQL resolvers const resolvers = { Query: { user: (_, { id }) => users.find(user => === parseInt(id)), }, User: { posts: (user) => posts.filter(post => post.userId ===, }, }; // Create and start the Apollo Server const server = new ApolloServer({ typeDefs, resolvers }); server.listen().then(({ url }) => console.log(`Server ready at ${url}`));

With this implementation, clients can still use the existing REST endpoints for fetching users and posts, but they also have the option to use GraphQL queries for more flexibility and efficiency.

Pattern 2: REST API with GraphQL Schema Stitching

Another hybrid pattern is to use GraphQL schema stitching to combine multiple REST APIs into a single GraphQL API. This is useful when you have multiple microservices exposing REST APIs, and you want to provide a unified GraphQL API for clients to consume.

Schema stitching involves merging the schemas of multiple GraphQL APIs into a single schema. This can be achieved using tools like Apollo Federation or GraphQL Tools.

Example: Combining User and Post APIs

Let's assume we have two separate microservices for users and posts, each exposing a REST API:

  • User API: GET /users/:id
  • Post API: GET /posts/:id, GET /posts/user/:userId

To combine these APIs into a single GraphQL API, we can use schema stitching. First, we need to create a GraphQL schema for each REST API:

// User GraphQL schema const userSchema = gql` type User { id: ID! name: String! } type Query { user(id: ID!): User } `; // Post GraphQL schema const postSchema = gql` type Post { id: ID! title: String! content: String! userId: ID! } type Query { post(id: ID!): Post postsByUser(userId: ID!): [Post!]! } `;

Next, we can use GraphQL Tools to stitch these schemas together:

const { mergeSchemas } = require('@graphql-tools/schema'); const mergedSchema = mergeSchemas({ schemas: [userSchema, postSchema], // Add any necessary resolvers for connecting the schemas });

Finally, we can create an Apollo Server with the merged schema:

const server = new ApolloServer({ schema: mergedSchema }); server.listen().then(({ url }) =>console.log(`Server ready at ${url}`));

With this implementation, clients can now query both user and post data through a single GraphQL API. Here's an example query:

query { user(id: 1) { id name } post(id: 1) { id title content } postsByUser(userId: 1) { id title } }

To fetch data from the underlying REST APIs, you can use the http module in Node.js or any other HTTP client library in your preferred language. You can also use tools like the @apollo/gateway package for Apollo Federation or the @graphql-tools/wrap package for wrapping REST APIs as GraphQL services.


When should I use a hybrid design pattern?

A hybrid design pattern is suitable when you want to leverage the strengths of both REST and GraphQL in your API design. This can include situations where you want to provide more flexibility and efficiency for clients consuming your API, or when you want to combine multiple REST APIs into a single GraphQL API.

Can I use GraphQL with existing REST APIs?

Yes, you can use GraphQL with existing REST APIs by adding GraphQL support to your REST API or by using schema stitching to combine multiple REST APIs into a single GraphQL API. Both of these approaches allow you to continue using your existing REST API while also benefiting from the flexibility and efficiency provided by GraphQL.

What are the performance implications of using hybrid design patterns?

Using a hybrid design pattern can improve performance by reducing the amount of data transferred over the network and allowing clients to fetch related data in a single request. However, it can also introduce some overhead in processing GraphQL queries and stitching schemas. It's essential to carefully consider the trade-offs and potential performance implications when choosing a hybrid design pattern for your API.

How do I secure my hybrid API?

Securing a hybrid API involves securing both the REST and GraphQL parts of the API. You can use standard security practices for REST APIs, such as authentication and authorization, rate limiting, and input validation. For GraphQL, you can use tools like GraphQL Shield or custom directives to implement authorization and access control. You should also validate and sanitize input data to prevent potential security vulnerabilities.

Sharing is caring

Did you like what Mehul Mohan wrote? Thank them for their work by sharing it on social media.


No comments so far