API Management for GraphQL
Sep 30, 2020
Hello!
Fazlan Nazeem
fazlann@wso2.com
Associate Technical Lead
fazlan077
● Introduction to GraphQL
● GraphQL Demo
● Comparison with REST
● API Management
● GraphQL API Management
● Q&A
Agenda
Introduction to GraphQL
● A query language + runtime invented to make front-end development easier
● Developed internally by Facebook in 2012 before being publicly released in
2015
● Specification: https://graphql.github.io/graphql-spec/June2018/
● Reference implementation: https://github.com/graphql/graphql-js
● Use any programming language
● Implementations of the GraphQL client, server in various languages are
available: https://graphql.org/code/
What is GraphQL
● GraphQL foundation: Airbnb, AWS, Apollo, Coursera, Facebook, GitHub, Prisma,
Shopify, IBM, and Twitter
● Typically served over HTTP via a single endpoint which expresses the full set
of capabilities of the service
● Protocol Agnostic
● Ask what you need and get exactly that
GraphQL
GraphQL Schema
● A schema is a collection of type definitions
● Defines the contract between client and server
● Answers questions such as
⦿ What fields can be selected?
⦿ What kind of objects might they return?
⦿ What fields are available on those sub-objects?
● Written in GraphQL Schema Definition Language.
● Root types: Query, Mutation, Subscription
Query
Mutation
mutation {
  createPerson(name: "Alice", age: 36) {
    id
  }
}

{
  "data": {
    "createPerson": {
      "id": "1234"
    }
  }
}
● Used for Create/Update/Delete operations
Subscription
● For real-time updates
● A single request followed by a stream of responses
subscription {
  submitComment {
    message
  }
}
Snowtooth Mountain GraphQL API
Chairlift and Trails
Comparison with REST
Requirement
A social media app needs to display
● Name of the user
● Titles of the posts of that user
● Names of the last three followers of that user
REST
REST: Accessing multiple endpoints
● /users/<id> - Fetch initial user data
● /users/<id>/posts - Fetch all the posts
for a user
● /users/<id>/followers - Returns a list
of followers per user
GraphQL
GraphQL: Fetch all data in a single
request by specifying exactly what is
needed.
Strengths & Challenges
● No more over-fetching and under-fetching
● Rapid product iterations on the frontend
● Insightful analytics on the backend
● Good fit for complex systems and microservices
● Challenges in integrating existing monitoring systems
● Caching is complicated
● Server needs to do more processing
● Extra caution for GraphQL specific attacks
GraphQL gives enormous power to consumers. But with
great power comes great responsibility.
Deeply Nested Queries
Computationally Expensive Queries
Which is Better?
There is no universal best style to build an
API, but there is always a best style to build
an API for your problem.
API Management
Many applications trying to
access different APIs
API Management
What does API Management
offer?
● API lifecycle management
● Security
● Transformations
● Rate limiting
● Analytics
● Developer onboarding
GraphQL API Management
API Developer Portal
● Import an SDL file to create an API
API Developer Portal
● Analyze the available operations and their types
API Developer Portal
● View/Download the schema definition file of an already created API
API Developer Portal
● Set a suitable rate-limiting policy per operation
API Developer Portal
● Set suitable authorization levels for each operation (scopes)
API Developer Portal
● Enable/disable security for each operation
API Developer Portal
● Assign complexity values for each operation and its fields
API Developer Portal
Application Developers
● Filter/Categorize GraphQL APIs
Application Developer Portal
● View available operations
Application Developer Portal
● Download the GraphQL schema
Application Developer Portal
● GraphQL specific try-out tool
Application Developer Portal
● View assigned complexity values
Administrators
● Create rate-limiting policies with
⦿ Max depth
⦿ Max complexity
Admin Portal
Gateway/Runtime
● Enforce operational level
⦿ Authentication
⦿ Authorization
⦿ Rate limiting
● Depth analysis
● Complexity analysis
● Subscription support
Gateway
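The depth and complexity analysis listed for the gateway, sketched as an added example (not WSO2 API Manager code and not from the original deck): a static check that rejects a query before execution when it exceeds a policy's max depth or max complexity. The field costs, limits, sample queries and the choice to fail closed on named fragment spreads are assumptions made for illustration.

```javascript
// Added example: static depth/complexity check run before a query is executed.
function tokenize(query) {
  // Blank out string literals and comments so braces inside them are not counted.
  const clean = query.replace(/"(?:\\.|[^"\\])*"|#[^\n]*/g, ' ');
  return clean.match(/\.\.\.|[{}():@]|[A-Za-z_]\w*/g) || [];
}

// depth = deepest nesting of selection sets; complexity = sum of per-field costs.
function analyze(query, fieldCosts = new Map()) {
  const tokens = tokenize(query);
  let depth = 0, maxDepth = 0, complexity = 0, parens = 0;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t === '(') { parens++; continue; }
    if (t === ')') { parens--; continue; }
    if (parens > 0) continue;            // arguments / variable definitions
    if (t === '{') { maxDepth = Math.max(maxDepth, ++depth); continue; }
    if (t === '}') { depth--; continue; }
    if (depth === 0) continue;           // operation keyword and name
    if (t === '@') { i++; continue; }    // a directive name is not a field
    if (t === '...') {
      // Named fragments could hide nesting; this sketch does not expand them, so fail closed.
      if (tokens[i + 1] !== 'on') throw new Error('fragment spreads are not expanded');
      i += 2; continue;                  // inline fragment: skip "on TypeName"
    }
    // A name followed by ':' is an alias, the real field name comes next.
    if (/^[A-Za-z_]/.test(t) && tokens[i + 1] !== ':') complexity += fieldCosts.get(t) ?? 1;
  }
  if (depth !== 0 || parens !== 0) throw new Error('unbalanced query');
  return { depth: maxDepth, complexity };
}

function enforce(query, policy) {
  let r;
  try { r = analyze(query, policy.fieldCosts); }
  catch (e) { return { allowed: false, reason: e.message }; }
  if (r.depth > policy.maxDepth) return { allowed: false, reason: `depth ${r.depth} > ${policy.maxDepth}` };
  if (r.complexity > policy.maxComplexity) return { allowed: false, reason: `complexity ${r.complexity} > ${policy.maxComplexity}` };
  return { allowed: true, reason: 'ok' };
}

// Constructed policy and queries (list-returning fields are given a higher cost).
const POLICY = { maxDepth: 4, maxComplexity: 20, fieldCosts: new Map([['posts', 5], ['followers', 5]]) };
const FEED_QUERY = 'query { user(id: "1") { name posts { title } followers(last: 3) { name } } }';
const NESTED_QUERY = '{ user(id: "1") { followers { followers { followers { followers { name } } } } } }';

console.log(enforce(FEED_QUERY, POLICY), enforce(NESTED_QUERY, POLICY));
```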
Analytics
● Operational level analytics
● Identify time-consuming operations
● Ability to crunch analytics for combinations of operations
● Retire unused operations
Analytics
Analytics - Latency
Analytics - Usage Count
Summary
● GraphQL can be a good choice for your APIs depending on the problem you are
trying to solve.
● API management is a common requirement for all types of APIs.
● GraphQL APIs can be exposed via API management platforms even without
first-class support for its characteristics.
● GraphQL characteristics need to be specifically treated in order to reap the
maximum benefits of GraphQL APIs in an API management platform.
Summary
Question Time!
● Download and try out
⦿ wso2.com/api-management
● Slack Channel
⦿ wso2-apim.slack.com
● Github
⦿ github.com/wso2/carbon-apimgt
⦿ github.com/wso2/product-apim
wso2.com
Thanks!
