Exposing GraphQLs as Managed APIs

GraphQL is an emerging API standard that provides a more flexible, alternative approach for data-intensive operations. It is particularly good for querying and retrieving data in optimized forms that make applications more efficient. While GraphQL focuses on what it does best, we still need to ensure that our GraphQL services are exposed in a secure, controlled, monitored, and sometimes even monetized environment. This is where an API gateway that understands GraphQL queries, mutations, and subscriptions can add significant value.

This deck explores the following:
- Introduction to GraphQL
- Exposing GraphQL services as managed APIs
- Authentication
- Authorization
- Rate limiting
- Invoking GraphQL APIs exposed via WSO2 API Manager

Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/exposing-graphqls-as-managed-apis/

  1. Exposing GraphQLs as Managed APIs. Fazlan Nazeem, Associate Technical Lead, WSO2; Hiranya Abeyrathne, Software Engineer, WSO2
  2. Agenda ● Introduction to GraphQL ● REST vs GraphQL ● Why API Management ● GraphQL Support - WSO2 APIM 3.0.0 ● Demo ● Roadmap of upcoming GraphQL features ● Q&A
  3. Introduction to GraphQL
  4. GraphQL ● A query language for your API. Not a programming language. ● Ask what you need, and get exactly that. ● Developed internally by Facebook in 2012 before being publicly released in 2015. ● Specification: https://graphql.github.io/graphql-spec/June2018/ ● Reference implementation: https://github.com/graphql/graphql-js ● Client and server implementations are available in various languages: https://graphql.org/code/ ● GraphQL Foundation: Airbnb, AWS, Apollo, Coursera, Facebook, GitHub, Prisma, Shopify, IBM and Twitter ● Typically served over HTTP via a single endpoint which expresses the full set of capabilities of the service.
  5. Type System ● Defines the capabilities of an API ● All the types exposed in an API are written down in the GraphQL Schema Definition Language (SDL) ● Contract between the client and the server. Once it is defined, both sides are aware of the data structure ● There are some special root types (Query, Mutation, Subscription), which are the operations
  6. Query: Fetching Data with Queries. Ex1: Facebook
  7. Query (Contd): Ex2: GitHub
  8. Mutation: Writing data with Mutations (making changes to the data stored in the backend - create/update/delete) ● POST : <Endpoint URL> payload: { "query": "mutation { createPerson(name: \"Alice\", age: 36) { id } }" } ● Mutation: mutation { createPerson(name: "Alice", age: 36) { id } } ● Response: { "data": { "createPerson": { "id": "1234" } } }
  9. Subscription: Real time updates with Subscriptions (have a real time connection to the server) subscription { submitComment { message } }
  10. REST vs GraphQL
  11. REST vs GraphQL (Contd) Ex: An app needs to display the titles of the posts of a specific user. The same screen also displays the names of the last 3 followers of that user. How would that situation be solved with REST and GraphQL? REST: Accessing multiple endpoints ● /users/<id> - Fetch initial user data ● /users/<id>/posts - Fetch all the posts for a user ● /users/<id>/followers - Returns a list of followers per user.
  12. REST vs GraphQL (Contd) GraphQL: Sends a single query. Pass the query, which includes the concrete data requirements, to the GraphQL server. (The client can specify exactly the data it needs in a query.)
  13. GraphQL Strengths and Weaknesses. Strengths: • No more over-fetching and under-fetching • Rapid product iterations on the frontend • Insightful analytics on the backend • Benefits of a schema & type system. Weaknesses: • Queries send more bytes than REST • Caching is complicated • Server needs to do more processing • Extra caution needed for GraphQL-specific attacks
  14. Why API Management?
  15. API Management for GraphQL Services • First class support for creating/publishing GraphQL APIs. • Different levels of permissions for each operation. • Different rate limiting levels for each operation. • Threat protection (malicious/unintentional/poor queries) • Operational level analytics.
  16. GraphQL Support - WSO2 APIM 3.0
  17. What WSO2 APIM 3.0 Offers ● First class support for GraphQL APIs ○ Create a GraphQL API by importing an SDL schema ○ Identify GraphQL APIs automatically in the portals ○ Display operation list instead of resources ○ Display SDL schema instead of OpenAPI definition ○ Download option for SDL schema ○ Search option for GraphQL type APIs (type: GRAPHQL) ● Operational level security, authorization and rate limiting
  18. Demo
  19. Use Case - API Developer. Mike needs to expose the “Countries” API with the following rules: 1. Continents operation needs to be authorized only for managers 2. Continents operation should be allowed for only one request per minute 3. Languages operation needs to be available for everyone
  20. Use Case - Application Developer. Jane needs to invoke the Countries API, which has been published through WSO2 APIM 3.0.0, to retrieve the following: • Code, name of all languages. • Name of all countries; code, name of all languages in each country. • Name of all continents; name of all countries in each continent; code, name of all languages of each country.
  21. API Invocation
  22. Managed Countries API
  23. Roadmap ● Threat Protection ● Analytics support ● WebSocket Subscription ● Micro-gw support
  24. Q & A
  25. ● Download and try out: https://wso2.com/api-management/ ● Slack Channel: https://app.slack.com/client/TLVKGQN84/CLVKGR3BN ● GitHub: https://github.com/wso2/product-apim/issues
  26. Webinars to Follow ● November 14 - API Security in a Cloud Native Era ● November 19 - Cloud Native APIs: The API Operator for Kubernetes ● November 21 - Beautifying the Beautiful: Theming WSO2 API Manager ● December 03 - Mine Your APIs for Gold: API Monetization ● December 05 - Building a CI/CD Pipeline for APIs
  27. THANK YOU wso2.com
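
The per-operation rules in the "Use Case - API Developer" slide (continents for managers only and one request per minute, languages for everyone) can be sketched as a gateway-side check. This is an added example, not WSO2 API Manager code or configuration: the policy table, role names, function names and the simplified tokenizer (used in place of a full GraphQL parser) are all assumptions.

```python
import re
from collections import Counter
# Constructed policy for the "Countries" use case; unlisted operations are denied.
POLICY = {
    "continents": {"role": "manager", "per_minute": 1},
    "languages": {"role": None, "per_minute": None},
}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[A-Za-z_]\w*|\S')

def top_level_fields(query):  # root fields are the API's operations
    fields, depth, parens, prev = [], 0, 0, ""
    for tok in TOKEN.findall(query):
        if tok[0] in '"#':
            continue  # string literals and comments never name a field
        if tok in "{}":
            depth += 1 if tok == "{" else -1
        elif tok in "()":
            parens += 1 if tok == "(" else -1
        elif depth == 1 and parens == 0:
            if tok == ".":
                raise ValueError("fragment spread at root")
            if tok == ":" and fields:
                fields.pop()  # the name before ':' was only an alias
            elif (tok[0].isalpha() or tok[0] == "_") and prev != "@":
                fields.append(tok)
        prev = tok
    if not fields:
        raise ValueError("no operation found")
    return fields

def check(hits, user, roles, query, now):
    """Decide one request; hits maps (user, operation) to recent timestamps."""
    try:
        fields = top_level_fields(query)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    updates = {}
    for name, count in Counter(fields).items():
        rule = POLICY.get(name)
        if rule is None:
            return False, f"{name}: not exposed"
        if rule["role"] and rule["role"] not in roles:
            return False, f"{name}: requires role {rule['role']}"
        recent = [t for t in hits.get((user, name), []) if now - t < 60]
        if rule["per_minute"] is not None and len(recent) + count > rule["per_minute"]:
            return False, f"{name}: rate limit exceeded"
        updates[(user, name)] = recent + [now] * count
    hits.update(updates)  # commit counters only when the whole request passes
    return True, "ok"
```

Because every root field is counted, selecting the same operation twice under different aliases in one request counts as two calls against its limit, and a query the tokenizer cannot attribute to a named operation is refused rather than passed through.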
