GraphQL solves real problems and introduces new ones. These questions check whether a candidate understands the tradeoffs against REST, not just the query syntax.
Hiring a GraphQL developer is easy. Telling a real one from a convincing résumé is the hard part — and it’s most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.
Junior GraphQL interview questions
0–2 years
Core concepts.
What is GraphQL and how does it differ from REST?
A query language where the client requests exactly the fields it needs from a single endpoint, versus REST’s fixed resource endpoints.
Thinks GraphQL is just a different URL scheme.
What are queries, mutations and subscriptions?
Queries read data, mutations change it, subscriptions push real-time updates.
Uses a mutation to fetch data or vice versa.
What is a schema and the type system?
A strongly-typed contract defining types, fields and operations that both client and server rely on.
Treats the schema as optional documentation.
What is a resolver?
A function that returns the value for a field, wiring the schema to data sources.
Cannot explain where data actually comes from.
What problems does GraphQL solve?
Over-fetching and under-fetching, and multiple round-trips, by letting clients shape responses.
Can’t articulate why a team would adopt it.
What are scalar and object types?
Scalars are leaf values (Int, String, Boolean, ID); object types compose fields, including nested objects.
Confuses scalars and objects.
How do arguments and variables work?
Fields accept arguments; variables parameterise queries safely instead of string interpolation.
Interpolates values into query strings.
What is introspection?
The ability to query the schema itself, powering tooling and docs; it may be disabled in production.
Unaware the schema is queryable.
Mid-level GraphQL interview questions
2–5 years
Resolvers and performance.
What is the N+1 problem in GraphQL and how do you fix it?
Nested resolvers firing one query per parent; batching with DataLoader coalesces them into fewer queries.
Fires a database query per item in a list resolver.
How do you handle errors in GraphQL?
Partial results with an errors array, meaningful error types/extensions, and not leaking internals.
Returns HTTP 500 for any field error.
How does pagination work in GraphQL?
Cursor-based (connections) for stable, scalable pagination over large lists rather than offsets.
Uses offset pagination that degrades on large datasets.
How do you secure a GraphQL API?
Auth in resolvers/context, query depth and complexity limits, and disabling introspection where appropriate.
Leaves the API open to arbitrarily deep, expensive queries.
How does caching differ from REST?
No free HTTP caching per URL; caching happens at the client (normalised cache) and via persisted queries or field-level caching.
Assumes CDN URL caching works like REST.
What is the difference between schema-first and code-first?
Schema-first defines the SDL then implements resolvers; code-first generates the schema from code. Both are valid.
Doesn’t know either approach.
What are fragments and why use them?
Reusable field selections shared across queries, keeping client code DRY and consistent.
Duplicates field lists across queries.
How do you version a GraphQL API?
Evolve the schema additively and deprecate fields rather than versioning URLs.
Creates /v2 endpoints like REST.
Senior GraphQL interview questions
5+ years
Architecture and scale.
How do you prevent expensive or abusive queries?
Query depth/complexity analysis, cost limits, timeouts, persisted queries and rate limiting.
Allows unbounded nested queries.
When is GraphQL the wrong choice?
For simple CRUD, file uploads/downloads, or when HTTP caching and simplicity of REST matter more than flexible querying.
Insists GraphQL is always superior to REST.
How do you design a federated / distributed graph?
Compose subgraphs owned by teams into one supergraph (federation), with clear ownership and entity boundaries.
Builds one monolith resolver layer for everything.
How do you monitor and trace GraphQL in production?
Per-resolver tracing and metrics, since one endpoint hides many operations; track slow fields and error rates.
Can’t tell which field is slow because everything is one endpoint.
How do you manage schema evolution safely?
Additive changes, deprecation with tooling, and checks that catch breaking changes before deploy.
Removes fields and breaks clients.
How does DataLoader batching and caching work?
It batches keys within a tick and caches per request, drastically cutting duplicate data-source calls.
Reimplements caching badly or not at all.
How do you handle authorization at field level?
Enforce it in resolvers/context based on the user, since a single query can touch many protected fields.
Checks auth only at the endpoint, not per field.
How do you keep a large schema maintainable?
Modular schema organisation, naming conventions, ownership boundaries, and linting to prevent drift.
One giant unstructured schema file.
Build and score a full interview with our free interview scorecard tool, browse the full question hub, or see how we interview engineers.