GraphQL persisted queries replace full query strings with short hashes, reducing payload size and enabling CDN caching via HTTP GET. Automatic Persisted Queries (APQ) standardizes the two-step hash-then-full-query protocol, while query whitelisting mode provides security by allowing only pre-registered operations.
0 / 5 completed
1 / 5
What problem do Persisted Queries solve in a GraphQL API used by mobile apps?
Persisted Queries store query strings on the server and allow clients to send only a short hash ID instead of the full query text. This reduces mobile bandwidth consumption, speeds up requests, and enables GET requests for cacheable queries — GET requests can be cached by CDNs and browsers.
2 / 5
A GraphQL server is configured to only accept registered persisted queries. What security benefit does this provide?
When a GraphQL server runs in persisted queries only mode, it rejects any query not pre-registered in the persisted query store. This is a powerful security measure preventing attackers from running expensive or unauthorized ad-hoc queries, effectively whitelisting known client operations.
3 / 5
How does the Automatic Persisted Queries (APQ) protocol work on the first request?
APQ uses a two-step protocol: the client sends only the query hash. On a cache miss, the server returns PERSISTED_QUERY_NOT_FOUND. The client then retries with both the full query string and the hash. The server executes and stores the association, so future requests only need the hash.
4 / 5
A developer chooses SHA-256 to hash GraphQL queries for persisted queries. Why is a cryptographic hash preferred over simpler identifiers?
SHA-256 (and other cryptographic hashes) are preferred because they are deterministic (same query → same hash) and collision-resistant (different queries → different hashes with overwhelming probability). This ensures a query hash reliably identifies a unique query string without false matches.
5 / 5
Which caching layer benefits most from persisted queries when queries use HTTP GET?
By converting GraphQL queries to HTTP GET requests with the query hash as a URL parameter, persisted queries make responses cacheable by CDN edge nodes and browser HTTP caches. POST requests (used for ad-hoc GraphQL) are not cacheable by CDNs, making APQ crucial for public or high-traffic GraphQL APIs.