Perfex CRM GraphQL Guide: Flexible Data Querying Explained

Why GraphQL for CRM

Traditional REST APIs return fixed data structures. GraphQL lets you request exactly the fields you need in a single query. For CRM data with dozens of tables and relationships, this means fewer requests and smaller payloads.

Single Endpoint

POST https://databuilder.polyxgo.com/api/v1/graphql
Content-Type: application/json
Authorization: Bearer YOUR_TOKEN

Querying Data

# List staff with specific fields
{
  staffs(limit: 10) {
    id firstname lastname email
  }
}

# Filter and sort
{
  invoices(limit: 5, sort: "-total", filter: "status:2") {
    id total status datecreated
  }
}

# Multiple resources in one request
{
  clients(limit: 5) { userid company }
  projects(limit: 5, sort: "-id") { id name }
  tasks(limit: 10, filter: "status:1") { id name }
}

Mutations: Create, Update, Delete

GraphQL mutations provide full CRUD operations with auto-generated input types:

# Create a new project
mutation {
  createProject(input: {
    name: "API Integration Project"
    clientid: 42
    start_date: "2026-05-01"
  }) {
    id name clientid
  }
}

# Update a task
mutation {
  updateTask(id: 603, input: {
    name: "Updated task name"
    status: 2
  }) {
    id name status
  }
}

# Delete a record
mutation {
  deleteExpense(id: 15) {
    success message
  }
}

Write operations require a token with write scope and per-table permissions. Security columns (passwords, tokens, salts) are automatically excluded from input types.

When to Use GraphQL vs REST

For a detailed comparison, see REST vs GraphQL in Perfex CRM.

Security and Limits

• Query depth limit – prevents deeply nested queries
• Complexity scoring – blocks expensive queries
• Token scopes – control which tables and operations are accessible
• RFC 9457 errors – standardized error responses

Related Resources

• API Explorer with GraphQL sandbox
• How REST API Works in Perfex CRM
• Authentication and Token Scopes
• Production-Grade API Security