GraphQL interview questions

// 20 QUESTIONS · UPDATED MAY 2026

GraphQL interview questions for QA engineers and SDETs — covering how GraphQL differs from REST for testing, the errors array and partial success, schema and nullability, variables, mutations, nested authorisation, the N+1 problem, introspection, and integrating GraphQL tests into CI.

  1. How does testing a GraphQL API differ from testing a REST API? (Junior)

    GraphQL uses a single endpoint where the client specifies exactly which fields it wants, so you test operations rather than URLs. The big…

  2. How does GraphQL report errors, and how should you assert on them? (Junior)

    Errors come back in an `errors` array in the response body, usually with HTTP 200. Assert on the presence/absence of `errors` and on a st…

  3. What is partial success in GraphQL, and why does it matter for testing? (Mid)

    A single response can contain both `data` (fields that resolved) and `errors` (fields that failed) at the same time. Tests that assume th…

  4. What is the difference between a query and a mutation, and how do you test each? (Junior)

    Queries read data; mutations change it. Test queries for field selection, nesting and nullability. Test mutations for both the returned p…

  5. Why should dynamic values go in variables rather than be interpolated into the query string? (Mid)

    Variables keep the query static and the data separate — like parameterised SQL. String-interpolating user input into a query is an inject…

  6. How do schema types and nullability affect what you test? (Mid)

    The schema declares each field's type and whether it's nullable (`String`) or non-null (`String!`). Non-null fields that return null are…

  7. What is introspection, and what are its testing and security implications? (Mid)

    Introspection lets you query the schema itself (`__schema`, `__type`) at runtime. It's great for tooling and detecting breaking schema ch…

  8. What is the N+1 problem in GraphQL, and how would you test for it? (Senior)

    A list query with a nested field can fire one backend call per item — 1 for the list, then N for the nested field. It's invisible to func…

  9. How do you test authorisation in GraphQL given that one query can traverse the whole graph? (Senior)

    Because a single query can walk from an allowed object into nested fields, authorisation must be enforced per-field/per-object, not just…

  10. How do you detect breaking schema changes in a GraphQL API? (Senior)

    Snapshot the schema (committed SDL or introspection) and diff it in CI. Removing a field, renaming one, making a nullable field non-null…

  11. Why is asserting on HTTP 200 not enough for a GraphQL test? (Junior)

    GraphQL returns 200 OK for most logical errors — the failure is in the response body's `errors` array, not the status line. A test that o…

  12. What are query depth and complexity limits, and why test them? (Senior)

    Because clients build their own queries, a malicious or careless client can request deeply nested or hugely expensive queries that overlo…

  13. How do you test pagination in a GraphQL API? (Mid)

    Most GraphQL APIs use cursor-based (connections/edges/pageInfo) pagination rather than offset. Test that cursors page forward correctly,…

  14. What are aliases and fragments, and when are they useful in tests? (Mid)

    Aliases rename fields in the response (and let you query the same field twice with different arguments); fragments are reusable field sel…

  15. What tools would you use to test a GraphQL API, and how do you choose? (Junior)

    For exploration, a schema-aware client (Insomnia, Hoppscotch, Postman, or a GraphQL IDE like GraphiQL/Apollo Sandbox). For automated suit…

  16. How do you mock a GraphQL API for testing? (Mid)

    Mock at the schema level (a mock server that returns schema-valid responses from the SDL) or at the network level (MSW intercepts the Gra…

  17. What are GraphQL subscriptions, and how do you test them? (Senior)

    Subscriptions are real-time streams, usually over WebSocket — the server pushes data when an event occurs. Test the connection lifecycle,…

  18. What security risks are specific to GraphQL, and how do you test for them? (Senior)

    Beyond standard injection, GraphQL adds: introspection exposing the API surface, deeply-nested/expensive queries as a DoS vector, nested-…

  19. How do you integrate GraphQL tests into a CI pipeline? (Mid)

    Run code-based GraphQL tests (POST + body assertions) as part of the normal test stage, gate on the negative/error tests so the 200-on-er…

  20. From a testing and quality standpoint, when might REST be a better choice than GraphQL? (Senior)

    When you want HTTP caching and CDN behaviour for free, simple per-endpoint authorisation, predictable fixed responses, or a smaller secur…