Tanmai Gopal

SE Radio 530: Tanmai Gopal on GraphQL

Tanmai Gopal, CEO of, joined SE Radio host Jeff Doolittle for a conversation about GraphQL. They discussed the history and rationale behind the original conception of GraphQL, as well as some of the use cases it is best suited for. Tanmai described how GraphQL differs from other API specification styles such as REST and gRPC. Various concepts related to GraphQL were also explored such as performance, caching, and security.

Show Notes

SE Radio theme: “Broken Reality” by Kevin MacLeod (Licensed under Creative Commons: By Attribution 3.0)

1 comment
  • Under Zero Trust, one interpretation of its needs might mean every system, and its app, must not trust the security checks which they don't implement. In this regard a backend database will need one or more of (User ID, client computer ID, user role) passed to it in the transaction request to perform its security checks, e.g. an RBAC approach, on the data being CRUD by any transaction. It does not matter how many systems a transaction traverses to get satisfied. The same authentication data (and maybe even the IDs of the entire set of all computers on the path to it) must be provided to every application for it to verify. It did not sound as though GraphQL has this and so the developers will have to define this architecture themselves “over the top” of using GraphQL. It would be great if they added that capability to the product. FYI this security architecture may need to be added to every distributed system in future as most architectures rely on authentication at the edge and not in the interior of a system-of-systems.