GraphQL is a data query language for APIs that allows a user to explicitly specify what data to fetch from an API. Using WSO2 API Manager (APIM), we can expose a GraphQL service and add features such as authentication, operation-level authorization, throttling / rate limiting and analytics for queries, mutations and subscriptions. In this blog I explain, step by step, the process of exposing a GraphQL API in WSO2 APIM.
Download WSO2 APIM from WSO2’s website for your environment. In this blog I use macOS and therefore the ZIP archive. After unzipping, you can start the server by executing the wso2server.sh file inside the bin directory.
Below is the publisher portal available at https://localhost:9443/publisher. After logging in, you can create a GraphQL API by uploading the GraphQL SDL schema.
For this blog I use the SpaceX GraphQL API. I used a tool to get the SDL schema for it. If you have your own GraphQL API, feel free to use its existing SDL schema.
After the schema is uploaded, we have to define the API name, context, version, and endpoint. In this example the SpaceXAPI is exposed with the /yenlospacex context, version 1.0.0 and the SpaceX GraphQL API as the endpoint. Now we can assign rate limiting to SpaceXAPI. In the example below I used an unlimited tier.
Click the Overview tab on the left to see the details of the SpaceXAPI. You can see the list of operations, endpoints, configuration and the metadata of the API.
Under Operations, we can see the list of operations (queries / mutations / subscriptions) defined in the schema definition.
In the example below, I will demonstrate how to add rate limiting, scope, and security for each GraphQL operation.
First, create a scope that we will use to protect the API operation. In the example below, I created a scope named adminScope that is restricted to the admin role.
For each operation we can enforce the suitable scope. In the example below, I restricted the capsules operation with adminScope, unlimited throttling and security enabled. Finally, save the changes.
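A conceptual model of the per-operation scope check configured above, as an added example that is not WSO2 API Manager code and not from the original post. It assumes a hypothetical second operation `launches` with no scope and constructed sample queries; it shows why every top-level field in a request must be checked, with aliases resolved, and unknown or unresolvable selections denied.

```python
import re

# Assumed mapping mirroring the page: only `capsules` requires adminScope.
# `launches` is a hypothetical unscoped operation used for contrast.
OPERATION_SCOPES = {"capsules": "adminScope", "launches": None}

# Strings, comments and directives are tokenized so they can be discarded.
TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|#[^\n]*|@\w+|\.\.\.|[A-Za-z_]\w*|[{}():]')


def top_level_fields(query):
    """Return the real field names (aliases resolved) at selection depth 1."""
    tokens = [t for t in TOKEN.findall(query)
              if not t.startswith(('"', '#', '@'))]
    fields, braces, parens = [], 0, 0
    for i, tok in enumerate(tokens):
        if tok == "{":
            braces += 1
        elif tok == "}":
            braces -= 1
        elif tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif braces == 1 and parens == 0:
            if tok == "...":
                # A fragment at the operation root hides the field names.
                raise ValueError("fragment at operation root")
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if tok != ":" and nxt != ":":  # drop the alias, keep the field
                fields.append(tok)
    return fields


def authorize(query, token_scopes):
    """Allow only if every requested operation is known and its scope held."""
    try:
        fields = top_level_fields(query)
    except ValueError:
        return False  # fail closed on anything we cannot resolve
    if not fields:
        return False
    for name in fields:
        if name not in OPERATION_SCOPES:
            return False  # operation not in the published schema mapping
        required = OPERATION_SCOPES[name]
        if required and required not in token_scopes:
            return False
    return True
```
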
Next, under the lifecycle you can see that the current status of the API is CREATED. You can also see that the WSO2 API Manager publisher verifies whether the minimum set of requirements, such as endpoints, is provided for the next state. The next step is to publish the API by clicking the PUBLISH button.
As shown below, the API is now in the PUBLISHED state.
The developer portal can be reached at https://localhost:9443/devportal. Here you can see the published API.
That’s all for creating and publishing a GraphQL API in WSO2 API Manager. In my next blog I will walk you through consuming the API using the developer portal.