What is the GraphQL API for WordPress

"GraphQL API for WordPress" is a WordPress plugin that installs a GraphQL server. It lets you fetch and modify data from the WordPress site using GraphQL.

Plugin goals

Hey! Read the detailed explanation of these goals in the CSS-Tricks article "Rendering the WordPress philosophy in GraphQL".

GraphQL API for WordPress strives to be:

Easy to use

The WordPress philosophy is that anyone, whether or not they have technical skills, must be able to use the software. The plugin attempts to satisfy this philosophy by making it as easy as possible to create an API and interact with it.

As an example, creating endpoints using the WP REST API requires writing PHP code, which is not always accessible to non-technical users. This plugin, in addition to PHP code, also makes it possible to publish persisted queries (which are endpoints exposing predefined data, similar to REST endpoints) using the WordPress editor, similar to writing a post, and accessible to everyone.

Powerful

In the modern world of web development, APIs act as the main gateway through which the client interacts with the server. For that reason, it is important for an API not to be limited in any respect, so that it can satisfy any requirement.

Similar to WordPress hooks, this plugin makes it possible to modify the results of executing a query through custom functionality, external APIs and cloud-based services. The output of a query can be altered in any desired way, so there is hardly anything that cannot be done.

Secure

A GraphQL API could easily be mismanaged, exposing access to all data in the WordPress site to everyone, including malicious actors. For this reason, the GraphQL server needs to provide appropriate security measures, to make sure that only the intended users are the ones accessing the data.

This plugin takes security very seriously, and has implemented several security measures natively. The single endpoint is disabled by default; data can be exposed through persisted queries; granting access to data is done via configurable access control lists (based on the user being logged-in or not, having a certain role or capability, or a custom rule); and the API can be defined as public or private.

Forward-looking

GraphQL is a standard that keeps evolving, and the community keeps suggesting ideas to provide new functionalities, to be added to the specification sometime in the future.

This plugin doesn't like waiting. For this reason, it already includes many of the novel functionalities that have been proposed (such as schema namespacing, multiple query execution, and others) as opt-in features, so they must be explicitly enabled by the admin.