Learn API development with Rapid API Comics (sketchnotes and fun analogies).

Rapid API Comics

GraphQL: A Visual Exploration Of It's Benefits

Let's discuss GraphQL and some of the benefits it has on offer

What is GraphQL and what does it do best?

Let's go through some of it's major benefits.
Benefit 1: Strongly Typed

Benefit 3: Reduced Over-Fetching and Under-Fetching 

HTTP Methods: PUT vs PATCH

APIs use several HTTP Methods to create, read, update, and delete data. Two of these methods - PUT and PATCH are used to update and modify data. However, they both do this in slightly different ways. To summarise their difference, we can say that PUT uses the request URI to deliver a modified version of the resource that completely replaces the original. On the other hand, PATCH only partially updates a resource without needing to modify the entire resource.

The PUT method works by completely replacing the original resource with the updated version. If the resource already exists, PUT replaces it. If it does not exist, PUT creates it.

Alternatively, PATCH applies partial updates to resources. The client only needs to send the data intended to be modified in the payload of the request and the rest of the resource remains unchanged. Since PATCH requests typically send minimal data that simply 'patches' a resource, it uses less bandwidth than PUT.

In general, it's best to use PUT only when a whole resource requires updating. Using PUT to update only a few, or even just a single field of a resource often uses unnecessary bandwidth.

The difference between Authentication and Authorization

In a nutshell, authentication is the identification of a user, and authorization controls what a user can access.

You can think of authentication as needing to show your passport at the airport to verify who you are. On the other hand, authorization is like your boarding pass, which controls which flight you can take from within the airport.

Since APIs cannot identify individual users, authentication methods involve authenticating the application requesting the data. The most commonly seen authentication methods are OAuth, API Keys, and basic HTTP authentication.

As for authorization, it is usually predefined by the organization or application settings. There are however access models used to define authorization rules. 

The two most common access models are RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control), which are commonly combined with each other or other authorization methods. Authorization always comes after the process of authentication.