Bird
Raised Fist0
GraphQLquery~30 mins

Persisted queries in GraphQL - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Persisted Queries with GraphQL
📖 Scenario: You are building a simple GraphQL API for a book store. To improve performance and security, you want to use persisted queries. Persisted queries store the GraphQL query strings on the server with unique IDs. Clients then send only the ID to run the query.
🎯 Goal: Build a basic persisted queries setup by creating a dictionary to store queries, a configuration for allowed queries, a function to retrieve queries by ID, and a final step to simulate running a persisted query by ID.
📋 What You'll Learn
Create a dictionary called persisted_queries with exact query IDs and query strings
Add a list called allowed_query_ids containing the allowed query IDs
Write a function called get_query_by_id that takes a query ID and returns the query string if allowed
Simulate running a persisted query by calling get_query_by_id with a valid ID and storing the result in executed_query
💡 Why This Matters
🌍 Real World
Persisted queries improve performance and security in GraphQL APIs by avoiding sending full query strings over the network repeatedly.
💼 Career
Understanding persisted queries is important for backend developers working with GraphQL to optimize API efficiency and protect against injection attacks.
Progress0 / 4 steps
1
Create the persisted queries dictionary
Create a dictionary called persisted_queries with these exact entries: 'q1' mapped to '{ books { title author } }', and 'q2' mapped to '{ authors { name booksCount } }'.
GraphQL
Hint

Use curly braces to create the dictionary and exact keys and values as strings.

2
Add allowed query IDs list
Create a list called allowed_query_ids containing the strings 'q1' and 'q2'.
GraphQL
Hint

Use square brackets to create the list with the exact strings.

3
Write the function to get query by ID
Write a function called get_query_by_id that takes a parameter query_id. It should return the query string from persisted_queries only if query_id is in allowed_query_ids. Otherwise, return None.
GraphQL
Hint

Use an if statement to check membership and dict.get() to retrieve the query string.

4
Simulate running a persisted query
Call the function get_query_by_id with the argument 'q1' and assign the result to a variable called executed_query.
GraphQL
Hint

Call the function with the string 'q1' and assign the result to executed_query.

Practice

(1/5)
1. What is the main benefit of using persisted queries in GraphQL?
easy
A. The server stores user credentials for faster login.
B. Clients send only a unique ID instead of the full query, saving bandwidth.
C. Queries are automatically optimized by the client.
D. It allows clients to write queries without validation.

Solution

  1. Step 1: Understand what persisted queries do

    Persisted queries store the full GraphQL query on the server with a unique ID.

  2. Step 2: Identify the client-server interaction

    Clients send only the ID to run the query, reducing the data sent over the network.

  3. Final Answer:

    Clients send only a unique ID instead of the full query, saving bandwidth. -> Option B

  4. Quick Check:

    Persisted queries reduce data sent = Clients send only a unique ID instead of the full query, saving bandwidth. [OK]
Hint: Persisted queries send IDs, not full queries [OK]
Common Mistakes:
  • Thinking clients send full queries every time
  • Confusing persisted queries with client-side caching
  • Believing persisted queries store user data
2. Which of the following is the correct way to send a persisted query request in GraphQL?
easy
A. { "id": "12345", "variables": { "userId": "1" } }
B. { "query": "{ user(id: 1) { name } }" }
C. { "mutation": "updateUser" }
D. { "headers": { "Authorization": "token" } }

Solution

  1. Step 1: Identify the persisted query request format

    Persisted queries send the unique query ID and variables, not the full query string.

  2. Step 2: Match the correct JSON structure

    { "id": "12345", "variables": { "userId": "1" } } sends an ID and variables, which is the correct persisted query format.

  3. Final Answer:

    { "id": "12345", "variables": { "userId": "1" } } -> Option A

  4. Quick Check:

    Persisted query request = ID + variables [OK]
Hint: Persisted queries use ID field, not full query [OK]
Common Mistakes:
  • Sending full query instead of ID
  • Using mutation key instead of id
  • Confusing headers with query payload
3. Given the following persisted query setup, what will the server return when the client sends { "id": "abc123", "variables": { "limit": 5 } } if the query with ID abc123 fetches the first limit users?

Assume the database has 10 users named User1 to User10.

Options:
medium
A. []
B. [{"name": "User6"}, {"name": "User7"}, {"name": "User8"}, {"name": "User9"}, {"name": "User10"}]
C. [{"name": "User1"}, {"name": "User2"}, {"name": "User3"}, {"name": "User4"}, {"name": "User5"}]
D. Error: Query ID not found

Solution

  1. Step 1: Understand the query and variables

    The query with ID 'abc123' fetches users limited by the 'limit' variable, which is 5 here.

  2. Step 2: Determine the expected result

    Since the database has users User1 to User10, fetching the first 5 returns User1 to User5.

  3. Final Answer:

    [{"name": "User1"}, {"name": "User2"}, {"name": "User3"}, {"name": "User4"}, {"name": "User5"}] -> Option C

  4. Quick Check:

    Limit 5 users returns first 5 users [OK]
Hint: Variables control query output; check their values [OK]
Common Mistakes:
  • Assuming query returns last users
  • Thinking ID is invalid
  • Ignoring variables in query
4. A developer tries to use persisted queries but gets an error: Query ID not found. What is the most likely cause?
medium
A. The client sent a query ID that the server does not recognize.
B. The client sent the full query instead of the ID.
C. The server does not support GraphQL.
D. The client forgot to include variables.

Solution

  1. Step 1: Analyze the error message

    The error 'Query ID not found' means the server cannot find the query matching the sent ID.

  2. Step 2: Identify the cause

    This usually happens if the client sends an ID that was never registered or stored on the server.

  3. Final Answer:

    The client sent a query ID that the server does not recognize. -> Option A

  4. Quick Check:

    Unknown query ID causes 'Query ID not found' error [OK]
Hint: Check if query ID is registered on server [OK]
Common Mistakes:
  • Assuming full query sent causes this error
  • Blaming missing variables for this error
  • Thinking server lacks GraphQL support
5. You want to secure your GraphQL API by allowing only persisted queries. Which approach best achieves this?
hard
A. Disable persisted queries and use API keys instead.
B. Allow all queries but log those without IDs for review.
C. Require clients to send full queries and IDs together.
D. Reject any request that does not include a valid persisted query ID.

Solution

  1. Step 1: Understand API security with persisted queries

    Allowing only persisted queries means the server accepts requests only if they have a valid stored query ID.

  2. Step 2: Identify the best enforcement method

    Rejecting requests without valid IDs ensures only approved queries run, improving security.

  3. Final Answer:

    Reject any request that does not include a valid persisted query ID. -> Option D

  4. Quick Check:

    Only accept valid persisted query IDs to secure API [OK]
Hint: Block requests missing valid persisted query IDs [OK]
Common Mistakes:
  • Allowing all queries weakens security
  • Sending full queries defeats persisted query purpose
  • Relying only on API keys without query control