Codapult includes an optional graphql-yoga server for teams that prefer GraphQL over REST or tRPC. It is an independent module and can be removed without affecting other API layers.
File Structure
| Path | Description |
|---|---|
src/lib/graphql/schema.ts | SDL type definitions |
src/lib/graphql/resolvers.ts | Resolver implementations |
src/app/api/graphql/route.ts | HTTP endpoint (GET + POST) |
Endpoint
The GraphQL endpoint is available at /api/graphql. It supports both GET (for queries via URL params) and POST (standard JSON body) methods.
In development, graphql-yoga serves a built-in GraphiQL playground at the same URL when accessed from a browser.
When to Use GraphQL vs tRPC
| Use case | Recommended |
|---|---|
| Internal frontend ↔ backend communication | tRPC |
| Public API for third-party consumers | GraphQL |
| Mobile app with varied data requirements | GraphQL |
| Dashboard with full-stack TypeScript | tRPC |
| Need introspection/schema discovery | GraphQL |
Both layers share the same auth primitives (getAppSession) and rate limiting. You can use both simultaneously.
Authentication
The GraphQL route checks auth and applies rate limiting (60 requests per 60 seconds):
const session = await getAppSession();
// session is available in resolver context
Pass the session to resolvers via the context object. Protected resolvers should check ctx.session before returning data.
Removal
GraphQL is an independently removable module. Use the setup wizard:
npx @codapult/cli setup
Or remove manually: delete src/lib/graphql/, src/app/api/graphql/, and uninstall graphql, graphql-yoga, and graphql-tag dependencies.