Anzeige

API Management for GraphQL

WSO2
WSO2
6. Oct 2020
Anzeige

Más contenido relacionado

Presentaciones para ti(20)

Anzeige

Más de WSO2(20)

Anzeige

API Management for GraphQL

  1. API Management for GraphQL Sep 30, 2020
  2. Hello! Fazlan Nazeem fazlann@wso2.com Associate Technical Lead fazlan077
  3. ● Introduction to GraphQL ● GraphQL Demo ● Comparison with REST ● API Management ● GraphQL API Management ● Q&A Agenda 3
  4. Introduction to GraphQL
  5. ● A query language + runtime invented to make front-end development easier ● Developed internally by Facebook in 2012 before being publicly released in 2015 ● Specification : https://graphql.github.io/graphql-spec/June2018/ ● Reference implementation: https://github.com/graphql/graphql-js ● Use any programming language ● Implementations of the GraphQL client, server in various languages are available: https://graphql.org/code/ What is GraphQL 5
  6. ● GraphQL foundation: Airbnb, AWS, Apollo, Coursera, Facebook, GitHub, Prisma, Shopify, IBM, and Twitter ● Typically served over HTTP via a single endpoint which expresses the full set of capabilities of the service ● Protocol Agnostic ● Ask what you need and get exactly that GraphQL 6
  7. 7
  8. GraphQL Schema ● A schema is a collection of type definitions ● Defines the contract between client and server ● Answers questions such as ⦿ What fields can be selected? ⦿ What kind of objects might they return? ⦿ What fields are available on those sub-objects? ● Written in GraphQL Schema Definition Language. ● Root types: Query, Mutation, Subscription 8
  9. Query 9
  10. Mutation 10 mutation { createPerson(name: "Alice",age: 36) { Id } } { "data": { "createPerson": { "id": "1234" } } } ● Used for Create/Update/Delete operations
  11. Subscription 11 ● For real-time updates ● A single request followed by a stream of responses subscription { submitComment { message } }
  12. Snowtooth Mountain GraphQL API
  13. Chairlift and Trails
  14. Comparison with REST
  15. Requirement 15 A social media app needs to display ● Name of the user ● Titles of the posts of that user ● Names of the last three followers of that user
  16. REST 16 REST: Accessing multiple endpoints ● /users/<id> - Fetch initial user data ● /users/<id>/posts - Fetch all the posts for a user ● /users/<id>/followers - Returns a list of followers per user
  17. GraphQL 17 GraphQL: Fetch all data in a single request by specifying exactly what is needed.
  18. Strengths & Challenges 18 ● No more over-fetching and under-fetching ● Rapid product iterations on the frontend ● Insightful analytics on the backend ● Good fit for complex systems and microservices ● Challenges in integrating existing monitoring systems ● Caching is complicated ● Server needs to do more processing ● Extra caution for GraphQL specific attacks
  19. 19 GraphQL gives enormous power to consumers. But with great power comes great responsibility.
  20. 20 Deeply Nested Queries
  21. 21 Computationally Expensive Queries
  22. Which is Better?
  23. There is no universal best style to build an API, But there is always a best style to build an API for your problem. 23
  24. API Management
  25. Many applications trying to access different APIs
  26. API Management What does API Management offer? ● API lifecycle management ● Security ● Transformations ● Rate limiting ● Analytics ● Developer onboarding
  27. GraphQL API Management
  28. API Developer Portal
  29. ● Import an SDL file to create an API 29 API Developer Portal
  30. ● Analyze the available operations and its types 30 API Developer Portal
  31. ● View/Download the schema definition file of an already created API 31 API Developer Portal
  32. ● Set a suitable rate-limiting policy per operation 32 API Developer Portal
  33. ● Set a suitable authorization levels for each operation (scopes) 33 API Developer Portal
  34. ● Enable/disable security for each operation 34 API Developer Portal
  35. ● Assign complexity values for each operation and its fields 35 API Developer Portal
  36. Application Developers
  37. ● Filter/Categorize GraphQL APIs 37 Application Developer Portal
  38. ● View available operations 38 Application Developer Portal
  39. ● Download the GraphQL schema 39 Application Developer Portal
  40. Application Developer Portal ● GraphQL specific try-out tool 40
  41. Application Developer Portal ● View assigned complexity values 41
  42. Administrators
  43. ● Create rate-limiting policies with ⦿ Max depth ⦿ Max complexity 43 Admin Portal
  44. Gateway/Runtime
  45. ● Enforce operational level ⦿ Authentication ⦿ Authorization ⦿ Rate limiting ● Depth analysis ● Complexity analysis ● Subscription support 45 Gateway
  46. Analytics
  47. ● Operational level analytics ● Identify time consuming operations ● Ability to crunch analytics for combinations of operations ● Retire unused operations 47 Analytics
  48. 48 Analytics - Latency
  49. 49 Analytics - Usage Count
  50. Summary
  51. ● GraphQL can be a good choice for your APIs depending on the problem you are trying to solve. ● API management is a common requirement for all types of APIs. ● GraphQL APIs can be exposed via API management platforms even without first-class support for its characteristics. ● GraphQL characteristics need to be specifically treated in order to reap the maximum benefits of GraphQL APIs in an API management platform. 51 Summary
  52. Question Time! 52
  53. ● Download and try-out ⦿ wso2.com/api-management ● Slack Channel ⦿ wso2-apim.slack.com ● Github ⦿ github.com/wso2/carbon-apimgt ⦿ github.com/wso2/product-apim 53
  54. wso2.com Thanks!
Anzeige