API Management for GraphQL
- 3. Agenda
● Introduction to GraphQL
● GraphQL Demo
● Comparison with REST
● API Management
● GraphQL API Management
● Q&A
- 5. What is GraphQL
● A query language + runtime invented to make front-end development easier
● Developed internally by Facebook in 2012 before being publicly released in 2015
● Specification: https://graphql.github.io/graphql-spec/June2018/
● Reference implementation: https://github.com/graphql/graphql-js
● Use any programming language
● Implementations of the GraphQL client and server in various languages are available: https://graphql.org/code/
- 6. GraphQL
● GraphQL Foundation: Airbnb, AWS, Apollo, Coursera, Facebook, GitHub, Prisma, Shopify, IBM, and Twitter
● Typically served over HTTP via a single endpoint which expresses the full set of capabilities of the service
● Protocol agnostic
● Ask what you need and get exactly that
- 8. GraphQL Schema
● A schema is a collection of type definitions
● Defines the contract between client and server
● Answers questions such as
⦿ What fields can be selected?
⦿ What kind of objects might they return?
⦿ What fields are available on those sub-objects?
● Written in GraphQL Schema Definition Language.
● Root types: Query, Mutation, Subscription
- 15. Requirement
A social media app needs to display
● Name of the user
● Titles of the posts of that user
● Names of the last three followers of that user
- 16. REST
REST: Accessing multiple endpoints
● /users/<id> - Fetch initial user data
● /users/<id>/posts - Fetch all the posts for a user
● /users/<id>/followers - Returns a list of followers per user
- 18. Strengths & Challenges
● No more over-fetching and under-fetching
● Rapid product iterations on the frontend
● Insightful analytics on the backend
● Good fit for complex systems and microservices
● Challenges in integrating existing monitoring systems
● Caching is complicated
● Server needs to do more processing
● Extra caution needed for GraphQL-specific attacks
- 23. There is no universal best style to build an API, but there is always a best style to build an API for your problem.
- 26. API Management
What does API Management offer?
● API lifecycle management
● Security
● Transformations
● Rate limiting
● Analytics
● Developer onboarding
- 29. API Developer Portal
● Import an SDL file to create an API
- 30. API Developer Portal
● Analyze the available operations and their types
- 32. API Developer Portal
● Set a suitable rate-limiting policy per operation
- 33. API Developer Portal
● Set suitable authorization levels for each operation (scopes)
- 45. Gateway
● Enforce at the operation level:
⦿ Authentication
⦿ Authorization
⦿ Rate limiting
● Depth analysis
● Complexity analysis
● Subscription support
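The depth analysis step listed for the gateway, sketched as an added example (not code from the deck or from WSO2 API Manager). It is a token-level scan rather than a full GraphQL parser, counts nested selection-set levels with root fields at level 1, and the names `scan`, `max_depth` and the sample query are constructed for illustration.

```python
import re

# Strings and comments are matched first so braces inside them are never counted.
TOKEN = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}()@]')

def scan(document):
    """Return [(header tokens, [local depth, [(level, fragment name)]])] per definition."""
    toks = [t for t in TOKEN.findall(document) if t[0] not in '"#']
    defs, header, stack, parens, inline = [], [], [], 0, False
    for i, t in enumerate(toks):
        if t in '()':
            parens += 1 if t == '(' else -1
        elif parens:
            continue                              # argument values, incl. input objects
        elif t == '{':
            if not stack:
                defs.append((header, [0, []]))    # a new operation or fragment starts
                header = []
            stack.append(0 if inline else 1)      # inline fragments add no level
            inline = False
            defs[-1][1][0] = max(defs[-1][1][0], sum(stack))
        elif t == '}':
            stack.pop()                           # IndexError on a stray brace
        elif not stack:
            header.append(t)
        elif t == '...':
            if toks[i + 1] in ('on', '{', '@'):
                inline = True
            else:                                 # named fragment spread, resolved later
                defs[-1][1][1].append((sum(stack), toks[i + 1]))
    if stack or parens:
        raise ValueError('unbalanced document')
    return defs

def max_depth(document):
    defs = scan(document)
    frags, memo = {h[1]: d for h, d in defs if h[:1] == ['fragment']}, {}
    def resolve(defn, path):
        best, spreads = defn
        for level, name in spreads:
            if name in path or name not in frags:
                raise ValueError('cyclic or unknown fragment: ' + name)
            if name not in memo:                  # shared fragments are resolved once
                memo[name] = resolve(frags[name], path + (name,))
            best = max(best, level - 1 + memo[name])
        return best
    return max((resolve(d, ()) for h, d in defs if h[:1] != ['fragment']), default=0)

# Constructed sample: the social media requirement from the earlier slide.
SAMPLE = 'query P($id: ID!) { user(id: $id) { name posts { title } followers(last: 3) { name } } }'
print(max_depth(SAMPLE))
```

A gateway would compare the result with its configured limit before forwarding the request, and treat any exception (unbalanced, cyclic or unknown-fragment documents) as a rejection.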
- 47. Analytics
● Operation-level analytics
● Identify time-consuming operations
● Ability to crunch analytics for combinations of operations
● Retire unused operations
- 51. Summary
● GraphQL can be a good choice for your APIs depending on the problem you are trying to solve.
● API management is a common requirement for all types of APIs.
● GraphQL APIs can be exposed via API management platforms even without first-class support for its characteristics.
● GraphQL characteristics need to be specifically treated in order to reap the maximum benefits of GraphQL APIs in an API management platform.
- 53. ● Download and try out
⦿ wso2.com/api-management
● Slack Channel
⦿ wso2-apim.slack.com
● GitHub
⦿ github.com/wso2/carbon-apimgt
⦿ github.com/wso2/product-apim