REST vs GraphQL: When to Use Each for Your API

REST and GraphQL are the two dominant approaches to building web APIs. REST has been the industry standard for over a decade. GraphQL, created by Facebook in 2015, gives clients the power to request exactly the data they need. This guide covers how they differ, their trade-offs, and when to use each.

Quick Comparison

Feature	REST	GraphQL
Architecture	Resource-based (multiple endpoints)	Schema-based (single endpoint)
Data fetching	Server decides what to return	Client specifies exactly what it needs
Over-fetching	Common (fixed response shape)	Eliminated (query only what you need)
Under-fetching	Requires multiple requests	One query for nested/related data
Caching	Built-in HTTP caching (ETags, 304s)	Requires client-side cache (Apollo, urql)
Versioning	`/api/v1/`, `/api/v2/`	Deprecate fields, no versioning needed
Type safety	Optional (via OpenAPI/Swagger)	Built-in (schema is the type system)
Learning curve	Lower (uses HTTP conventions)	Higher (query language, resolvers, schema)

How REST Works

REST maps resources to URLs. Each URL represents an entity, and HTTP methods (GET, POST, PUT, DELETE) define operations on that resource:

REST endpoints

GET    /api/users          → List all users
GET    /api/users/42       → Get user 42
POST   /api/users          → Create a user
PUT    /api/users/42       → Update user 42
DELETE /api/users/42       → Delete user 42
GET    /api/users/42/posts → Get user 42's posts

The server decides the response shape. If you need a user and their posts, that's two requests — or you add query parameters like ?include=posts to customize the response.

How GraphQL Works

GraphQL exposes a single endpoint. The client sends a query describing exactly what data it wants:

GraphQL query

POST /graphql

{
  user(id: 42) {
    name
    email
    posts(limit: 5) {
      title
      createdAt
    }
  }
}

GraphQL response

{
  "data": {
    "user": {
      "name": "Alice",
      "email": "alice@example.com",
      "posts": [
        { "title": "Getting Started", "createdAt": "2025-01-15" },
        { "title": "Advanced Patterns", "createdAt": "2025-02-20" }
      ]
    }
  }
}

One request, exactly the fields you asked for. No extra data, no missing data, no second round trip.

The Over-fetching Problem

Suppose you're building a user list that only needs names and avatars:

REST — GET /api/users

[
  {
    "id": 1,
    "name": "Alice",
    "email": "alice@example.com",
    "avatar": "/img/alice.jpg",
    "bio": "Full-stack developer...",      // Don't need this
    "phone": "+1-555-0100",               // Don't need this
    "address": { ... },                    // Don't need this
    "settings": { ... },                   // Don't need this
    "createdAt": "2024-01-15T..."          // Don't need this
  },
  ...
]

GraphQL — query only what you need

{
  users {
    name
    avatar
  }
}

This matters most on mobile networks where bandwidth is expensive and latency is high. GraphQL can reduce payload sizes by 50-90% compared to fixed REST responses.

When to Choose REST

Simple CRUD APIs — if your data model is straightforward and clients don't need flexible queries, REST is simpler to build and maintain.
HTTP caching matters — REST endpoints are cacheable by URL with standard HTTP headers. CDNs, browser caches, and reverse proxies all work out of the box.
File uploads/downloads — REST handles binary data natively with multipart forms. GraphQL requires workarounds.
Public APIs — REST is universally understood. Any developer can call your API with curl without learning a query language.
Microservices — REST endpoints map cleanly to service boundaries. Each service owns its own resource URLs.

When to Choose GraphQL

Multiple clients with different needs — a mobile app needs a subset of data, a web dashboard needs all of it, and an admin panel needs extra fields. One schema serves all.
Deeply nested/relational data — when displaying a user's posts, each post's comments, and each comment's author in a single view.
Rapid frontend iteration — frontend teams can add or remove fields from queries without waiting for backend changes.
Real-time features — GraphQL subscriptions provide a standardized way to push updates to clients via WebSockets.

Common Pitfalls

GraphQL N+1 queries. Without a dataloader, fetching a list of users and their posts can fire one SQL query per user. Use DataLoader or similar batching.
GraphQL query complexity attacks. Clients can craft deeply nested queries that overwhelm your server. Always set depth limits and complexity scoring.
REST API sprawl. Large REST APIs end up with hundreds of endpoints, each with slightly different query parameters. Documentation falls behind.
Using GraphQL for everything. File uploads, authentication, health checks — these are better served by plain HTTP endpoints alongside your GraphQL API.

Building and deploying APIs?

DigitalOcean provides managed databases, load balancers, and App Platform for deploying REST and GraphQL APIs. Start with $200 in free credits.

The Verdict

REST is the safe default — simpler, universally understood, and battle-tested at every scale. Choose it unless you have a specific reason not to. GraphQL shines when you have multiple clients with different data needs, complex relational data, or a fast-moving frontend team. Many production systems use both — GraphQL for the frontend gateway, REST for internal microservices.

Try It Yourself

Working with REST APIs? Use our OpenAPI Validator to validate your API specs, convert them to TypeScript with the OpenAPI to TypeScript Converter, or format API responses with the JSON Formatter.