I think this is something we could write a blog about to describe our experiences in more depth. One aspect is that GraphQL is easy for developers to write (albeit something they have to learn), yet it is difficult for operators to manage, because resulting queries are unpredictable (since they’re user-defined). There can be a lot of costly cross-table joins, in ways that developers may not realize (since developers often do not have visibility into the underlying database schemas that they are querying). It can work well for low-volume APIs but quickly becomes untenable. Also, load balancer access logs are not very useful with GraphQL APIs because everything is a 200 OK response (with error codes embedded in the response), which complicates alerting and monitoring.
We might consider layering a GraphQL API on top of our REST APIs in the future, either server-side or client-side, but that’s not something we’re planning to do at this time.