Introduction
With Exograph, you can build better backends fast!
Exograph offers a declarative way to create flexible, secure, and performant backends that provide GraphQL query and mutation APIs. Exograph lets you focus on your domain model and business logic, freeing you to pursue more creative work on your application. Furthermore, it offers tooling to support all stages of the development lifecycle, from development to deployment to maintenance.
Compared to the traditional way of writing GraphQL APIs, Exograph offers several advantages. Throughout this documentation, we will dive deep into each of them, but first, let's look at some of the highlights.
Awesome developer experience
Exograph offers a great developer experience throughout the application lifecycle.
Simple to get started
Once you install Exograph, you can get a simple GraphQL server ready in seconds thanks to its yolo mode. As you refine your model, Exograph helps by checking that it is error-free and giving precise error messages. In its dev mode, Exograph automatically reloads your code as you make changes and checks for consistency between your model and the database. It also offers a GraphiQL playground to try out queries and mutations. The Exograph VS Code extension makes working with Exograph model files easier.
Easy to develop
Exograph's declarative language expresses your backend's domain model and the API precisely and concisely. This TypeScript and GraphQL IDL-inspired language will make you feel at home,
Once you define your model, Exograph will take care of the rest. For example, with Postgres modules, Exograph will infer queries and mutations. As your model evolves, Exograph offers commands to check the consistency of your database schema with your model and to migrate your database to the latest version of your model.
Exograph's language is Git-friendly. In our experience, UI-based approaches to defining models don't scale, and it is especially tough to manage when multiple developers update the model. Since Exograph's language is just text, it is easy to integrate with Git and other version control systems. It also makes it easy to collaborate with other developers, where the standard Git workflow works just as expected.
Effortless to deploy
You can deploy Exograph to pretty much any cloud platform. Since the executable is a single binary with no runtime dependencies, you can run it on your laptop, a server, or a serverless platform. Depending on the platform and your preferences, you can deploy it as a Docker container or a standalone binary. To further simplify the deployment process, Exograph offers commands to create a package with your application and instructions to deploy it to a platform like Fly.io and AWS Lambda.
Once deployed, you can monitor your application with Exograph's built-in OpenTelemetry integration.
Trivial to test
Exograph also includes a declarative testing framework that lets you write tests with very little code. Express your operations and the expected results, and Exograph will do the rest: create a database, start an Exograph server, and run your tests in parallel.
Secure by design
One of the biggest challenges in building a GraphQL API is ensuring data access to only authorized users; it is so easy to miss access control enforcement, for example, with nested objects. By constantly having to think about access control, developers often end up with a complex and error-prone system. Even when carefully implemented, auditing access control rules is a challenge.
Exograph language design addresses access control as a core feature. Unless explicitly allowed, Exograph prevents access to any data, thus protecting against accidental data leaks.
In Exograph, you collocate access control rules with the data model. As a result, you can express complex access control rules concisely and in an easy-to-understand manner. The collocation also makes it easy to audit the access control rules. Once you define the rules, Exograph enforces them everywhere, no matter how a particular entity is accessed--directly or nested.
Furthermore, Exograph allows expressing access control rules in a fine-grained manner: based on user roles, based on the relationship between user and entity, based on captcha verification, and even on the time of day. All this is possible through contexts, a powerful mechanism to extract values from the request and environment alongside an expressive language to define rules.
Performant
Exograph is written in Rust, which, along with careful design, helps it provide high performance, fast startup time, and low memory usage. These characteristics make it suitable for serverless platforms (and, of course, traditional cloud deployment too).
Fast startup time
Typical Exograph server startup time is in low milliseconds. Exograph achieves fast startup by using ahead-of-time building. During the build phase, it parses the model, verifies it, and compiles it to an intermediate representation. Then, during runtime, it loads that representation into memory and starts serving requests. This separation shifts the burden of parsing and verifying the model from runtime to build time. As a result, the startup time is only the duration it takes to load the intermediate representation into memory.
Low memory usage
Typical memory usage for an Exograph backend is in tens of megabytes. The build/runtime separation helps by relying on a pre-compiled intermediate representation to avoid expending memory on building the model. Furthermore, since Exograph is written in Rust, there is no garbage collector, which reduces peak memory usage.