This document discusses API management for GraphQL APIs. It begins with an introduction to GraphQL and then covers how API management platforms can support GraphQL APIs, including developer portals, enforcing security and policies at the gateway, and analytics. Key capabilities for GraphQL API management include importing GraphQL schemas, analyzing query complexity, enforcing rate limits on operations, and providing insights into usage patterns and latency from analytics. The document emphasizes that GraphQL is a good fit for some problems but API management is still needed to maximize benefits for both GraphQL API providers and consumers.
5. ● A query language + runtime invented to make front-end development easier
● Developed internally by Facebook in 2012 before being publicly released in
2015
● Specification : https://graphql.github.io/graphql-spec/June2018/
● Reference implementation: https://github.com/graphql/graphql-js
● Use any programming language
● Implementations of the GraphQL client, server in various languages are
available: https://graphql.org/code/
What is GraphQL
5
6. ● GraphQL foundation: Airbnb, AWS, Apollo, Coursera, Facebook, GitHub, Prisma,
Shopify, IBM, and Twitter
● Typically served over HTTP via a single endpoint which expresses the full set
of capabilities of the service
● Protocol Agnostic
● Ask what you need and get exactly that
GraphQL
6
8. GraphQL Schema
● A schema is a collection of type definitions
● Defines the contract between client and server
● Answers questions such as
⦿ What fields can be selected?
⦿ What kind of objects might they return?
⦿ What fields are available on those sub-objects?
● Written in GraphQL Schema Definition Language.
● Root types: Query, Mutation, Subscription
8
15. Requirement
15
A social media app needs to display
● Name of the user
● Titles of the posts of that user
● Names of the last three followers of that user
16. REST
16
REST: Accessing multiple endpoints
● /users/<id> - Fetch initial user data
● /users/<id>/posts - Fetch all the posts
for a user
● /users/<id>/followers - Returns a list
of followers per user
18. Strengths & Challenges
18
● No more over-fetching and under-fetching
● Rapid product iterations on the frontend
● Insightful analytics on the backend
● Good fit for complex systems and microservices
● Challenges in integrating existing monitoring systems
● Caching is complicated
● Server needs to do more processing
● Extra caution for GraphQL specific attacks
26. API Management
What does API Management
offer?
● API lifecycle management
● Security
● Transformations
● Rate limiting
● Analytics
● Developer onboarding
51. ● GraphQL can be a good choice for your APIs depending on the problem you are
trying to solve.
● API management is a common requirement for all types of APIs.
● GraphQL APIs can be exposed via API management platforms even without
first-class support for its characteristics.
● GraphQL characteristics need to be specifically treated in order to reap the
maximum benefits of GraphQL APIs in an API management platform.
51
Summary