How to create a GraphQL API in WSO2 API Manager


GraphQL is a data query language for APIs that allows a user to explicitly specify what data to fetch from an API. Using WSO2 API Manager (APIM), we can expose a GraphQL service and add features such as authentication, operation-level authorization, throttling / rate limiting, and analytics for queries, mutations, and subscriptions. In this blog I explain, step by step, the process of exposing a GraphQL API in WSO2 APIM.

Download WSO2 APIM from WSO2’s website for your environment. In this blog I use macOS and therefore the ZIP archive. After unzipping, you can start the server by executing the file inside the bin directory.

The publisher portal is available at https://localhost:9443/publisher. After logging in, you can create a GraphQL API by uploading the GraphQL SDL schema.


For this blog I use the SpaceX GraphQL API. I used a tool to get the SDL schema for it. If you have your own GraphQL API, feel free to use its existing SDL schema.


After the schema is uploaded, we have to define the API name, context, version, and endpoint. In this example the SpaceXAPI is exposed with the /yenlospacex context, version 1.0.0, and the SpaceX GraphQL API as the endpoint. Now we can assign rate limiting to SpaceXAPI. In the example below I used an unlimited tier.


Click the Overview tab on the left to see the details of the SpaceXAPI. You can see the list of operations, endpoints, configuration, and the metadata of the API.


Under Operations, we can see the list of operations (queries / mutations / subscriptions) defined in the schema definition.


In the example below, I will demonstrate how to add rate limiting, scope, and security for each GraphQL operation.

First, create a scope that we will use to protect the API operation. In the example below, I created a scope, adminScope, that is restricted to the admin role.



For each operation we can enforce a suitable scope. In the example below, I restricted the capsules operation with adminScope, unlimited throttling, and security enabled. Finally, save the changes.
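To make the per-operation scope model concrete, here is an added Python sketch (not WSO2 code and not from the original post) of what an operation-level scope check has to decide for a request such as the capsules restriction above. The names `REQUIRED_SCOPES`, `top_level_operations` and `authorize` are hypothetical, and the tokenizer is a simplified stand-in for a real GraphQL parser that refuses root-level fragment spreads instead of resolving them.

```python
import re

# Constructed policy mirroring the post: the `capsules` query requires adminScope.
REQUIRED_SCOPES = {("query", "capsules"): "adminScope"}
OPERATION_TYPES = {"query", "mutation", "subscription"}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[A-Za-z_]\w*|\S')

def top_level_operations(document):
    """Return the (operation type, field name) pairs at the root of each operation."""
    tokens = [t for t in TOKEN.findall(document) if not t.startswith("#")]
    found, op_type, braces, parens = [], None, 0, 0
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        prev = tokens[i - 1] if i else ""
        if tok in ("(", ")"):
            parens += 1 if tok == "(" else -1
        elif parens:
            continue  # arguments and variable definitions never name an operation
        elif tok == "{":
            braces += 1
            op_type = op_type or "query"  # shorthand `{ ... }` is a query
        elif tok == "}":
            braces -= 1
            op_type = op_type if braces else None  # definition closed
        elif braces == 0 and op_type is None and tok in OPERATION_TYPES | {"fragment"}:
            op_type = tok
        elif braces == 1 and tok == ".":
            # Fail closed: a spread at the root could pull in protected fields.
            raise ValueError("fragment spread at operation root is not resolved here")
        elif (braces == 1 and op_type in OPERATION_TYPES and tok.isidentifier()
              and nxt != ":" and prev != "@"):
            # `nxt != ":"` skips aliases, `prev != "@"` skips directive names.
            found.append((op_type, tok))
    return found

def authorize(document, granted_scopes):
    """Return the operations the token may not call; an empty list means allow."""
    return [op for op in top_level_operations(document)
            if REQUIRED_SCOPES.get(op) not in (None, *granted_scopes)]

# Constructed request: the alias `c` must not hide the protected `capsules` field.
SAMPLE = "query Q($n: Int) { c: capsules(limit: $n) { id } ships { name } }"

if __name__ == "__main__":
    print("without adminScope, denied:", authorize(SAMPLE, {"openid"}))
    print("with adminScope, denied:", authorize(SAMPLE, {"adminScope"}))
```

The check keys on the real field name rather than the alias, and one request can carry several operations, so a single protected field is enough to deny the whole document.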


Next, under Lifecycle you can see that the current status of the API is CREATED. You can also see that the WSO2 API Manager publisher verifies whether the minimum set of requirements, such as endpoints, is provided for the next state. The next step is to publish the API by clicking the PUBLISH button.


As shown below, the API is now in the PUBLISHED state.


The developer portal can be reached at https://localhost:9443/devportal. Here you can see the published API.


That’s all for creating and publishing a GraphQL API in WSO2 API Manager. In my next blog I will walk you through consuming the API using the developer portal.

Published June 25, 2020

Kashmira Ray

Kashmira has more than 4 years of experience working in Java/.Net development with expert knowledge of relational databases, and product development. It is her passion to develop state of the art ‘products’ using java/.Net and web services.

