Oh, we have that too! But we call it HTTP endpoints.

GQL is an HTTP endpoint. The question is, how are you schematizing, documenting, validating, code-generating, monitoring, etc. the request and response on your HTTP endpoints? (OpenAPI is another good choice.)

Really? Hmm... where in the HTTP spec does it allow for returning an arbitrary subset of any specific request, rather than the whole thing? And where does it ensure all the results are keyed by id so that you can actually build and update a sensible cache around all of it rather than the mess that totally free-form HTTP responses lead to? Oh weird HTTP doesn't have any of that stuff? Maybe we should make a new spec, something which does allow for these patterns and behaviors? And it might be confusing if we use the exact same name as HTTP, since the usage patterns are different and it enables new abilities. If only we could think of such a name...

HTTP Range doesn't have anything to do with allowing a client to select a subset of fields.

The Range header isn't for requesting a subset of a resource from the server?

Let's say your REST endpoint returned an object with keys foo, bar, baz and quuz. How would you use HTTP Range to only select foo and baz?

also handy for bypassing bandwidth restrictions: capped at 100kbps? launch 1000 workers to grab chunks then assemble the survivors

that's what axel downloader does!

Etag and cache control headers?

Without wishing to take part in a pile on - I am wondering why you're using graphql if you are kneecapping it and restricting it to set queries.

Because it solves all sorts of other problems, like having a well-defined way to specify the schema of queries and results, and lots of tools built around that.

I would be surprised to see many (or any) GQL endpoints in systems with significant complexity and scale that allow completely arbitrary requests.

OpenAPI does the same thing for http requests, with tooling around it.

With typed languages you can auto-generate OpenAPI schemas from your code.

Yep, OpenAPI is also a good choice nowadays. That’s typically used with the assumption you’ve chosen a supported subset of queries. With GQL you have to add that on top.

Shopify's GraphQL API limits you in complexity (essentially max number of fields returned), but it's basically arbitrary shapes.

Probably for one of the reasons graphql was created in the first place - accomplish a set of fairly complex operations using one rather than a multitude of API calls. The set can be "everything" or it can be "this well-defined subset".

You could be right, but that's really just "Our API makes multiple calls to itself in the background"

I could be wrong but I thought GraphQL's point of difference from a blind proxy was that it was flexible.

It is flexible, but you don’t have to let it be infinitely flexible. There’s no practical use case for that. (Well, until LLMs, perhaps!)

I guess that I'm reading your initial post a little more strictly than you're meaning

I think they mean something like (or what I think of as) “RPC calls, but with the flexibility to select a granular subset of the result based on one or more schemas”. This is how I’ve used graphql in the past at least.

> I am wondering why you're using graphql if you are kneecapping it and restricting it to set queries.

Because you never want to expose unbounded unlimited dynamic queries in production. You do want a very small subset that you can monitor, debug, and optimize.