Google Apigee and GraphQL

Recently, Google Apigee's customers and prospects have expressed increasing interest in leveraging GraphQL to make their data available to their app developers. The reasons vary: requirements for server-side API aggregation, demand from app developers, or simply wanting to try something different. The ‘why’ is beyond the scope of this article. Instead, I’d like to go over an open-sourced solution available today using Google Apigee Edge and optional Google Cloud Platform products. My colleague, Miguel Mendoza (miguelmendoza@google.com), and I (alexkoo@google.com) created this solution to use the best of both GraphQL and Google Apigee Edge; we would love to hear if you found it useful.

Let’s get right to it. Here is a link to the open-sourced solution of Google Apigee GraphQL AuthZ. Separately, here is a link to a demo that showcases the AuthZ solution, query-parsing, analytics, and more.

At the heart of our solution, we want to serve 2 constituents: the app developer and the GraphQL API developer. For the app developer who is consuming the GraphQL API, we’ve supplied the following:

  1. a GraphQL Playground - Try out GraphQL queries and read documentation on the GraphQL API.
  2. easy AuthN/Z - Use with the GraphQL Playground to reduce app developer friction.

For the GraphQL API developer who is providing the GraphQL API, we’ve supplied the following:

  1. ease of use for common GraphQL functions - Get a JavaScript GraphQL library (graphql.lib.js) for use within Edge JavaScript callouts.
  2. ease of use of AuthZ - Get a standalone Edge JavaScript callout (graphql.jsc.js) for authorization. Also map scopes to entitlements via a CLI tool (gql-s2e).
  3. demo to try it out - This includes a GraphQL playground, AuthZ/AuthN, an Edge-hosted GraphQL server, and more.
  4. analytics - View details such as traffic and latency on aggregate queries, individual queries, and constituent paths.

By default, the instructions will walk you through setting up the demo as follows:

The demo is set up to run the GraphQL server (in this demo, Apollo Server by Meteor Development Group) in a Hosted Target. We don’t necessarily recommend this architecture in a production environment. Keep in mind that this is not the only way to architect Google Apigee Edge and a GraphQL server to complement each other; Google Apigee Edge could sit in front of the GraphQL server, behind it, or even both. You’ll want to architect based on your specific requirements (and feel free to reach out to us for ideas).

For full details of setting up and using the AuthZ components and the demo, please see the READMEs in the respective GitHub repositories. And let us know in the comments below if you found the solution and demo useful; we love to get feedback.

Comments
beertink
New Member

Hi all,

We are currently looking into GraphQL because we feel that GQL could be useful for our front-end developers.

Is there anyone who is using this in a production environment?

And maybe willing to share some experiences with this?

Thanks

henryhpan
New Member

Cool design

informatique
New Member

Hello,

I am trying to test the Sample GraphQL Apigee Proxy:

https://github.com/apigee/api-platform-samples/tree/master/sample-proxies/graphql-sample#sample-sche...

But I am blocked at the step:

{
 "error": "UnauthorizedQuery",
 "message": "GraphQL: Unauthorized access to: query.resorts.name"
}

From the documentation I understand that I have to pass (in the header) the key "scope" with the value "reader" and I have to build the client entitlements list by using a map of scopes-to-entitlements.

I do that in a KVM but I am not sure about the syntax.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="GetEntitlementsMap" mapIdentifier="graphql">
    <DisplayName>GetEntitlementsMap</DisplayName>
    <Properties/>
    <Get assignTo="graphql_entitlements_map">
        <!--<Key>
            <Parameter>entitlements_map</Parameter>
        </Key>-->
        <!--<Key>-->
        <Key>
            <Parameter>entitlements_map</Parameter>
        </Key>
        <Value>
        {
          "instrospect": [
            "query.__schema.**"
          ],
          "reader": [
            "query.__schema.**",
            "query.resorts.**"
          ],
          "site:admin": [
            "query.__schema.**",
            "query.resorts.**",
            "mutation.resorts.create.**",
            "mutation.resorts.delete.**",
            "mutation.resorts.update.**"
          ],
          "resort:admin": [
            "query.__schema.**",
            "query.resorts.**",
            "mutation.resorts.update.**",
            "mutation.resorts.update.lifts.create.**",
            "mutation.resorts.update.lifts.update.**",
            "mutation.resorts.update.lifts.delete.**",
            "mutation.resorts.update.trails.create.**",
            "mutation.resorts.update.trails.update.**",
            "mutation.resorts.update.trails.delete.**"
          ],
          "resort:manager": [
            "query.__schema.**",
            "query.resorts.**",
            "mutation.resorts.update.resort.**",
            "mutation.resorts.update.lifts.update.**",
            "mutation.resorts.update.trails.update.**"
          ]
        }
        </Value>
    </Get>
    <Scope>environment</Scope>
</KeyValueMapOperations>

Many thanks in advance for your help.

Best
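
The scope-to-entitlement check that produces the error quoted in the comment above, sketched as an added example (not part of the post and not the project's graphql.jsc.js code): scopes from the header resolve to path patterns, and any queried path without a matching pattern is rejected. The map is a subset of the one in the comment; the space-separated scope header and the `**` matching rule are assumptions.

```javascript
// Added example. Scope names and patterns are copied from the comment above;
// the matching rules below are assumed, not taken from graphql.jsc.js.
const ENTITLEMENTS_MAP = {
  "reader": ["query.__schema.**", "query.resorts.**"],
  "resort:manager": [
    "query.__schema.**",
    "query.resorts.**",
    "mutation.resorts.update.resort.**",
    "mutation.resorts.update.lifts.update.**",
    "mutation.resorts.update.trails.update.**"
  ]
};

// Union of the patterns granted by each scope. Unknown scopes grant nothing,
// and the own-property check keeps names like "constructor" from resolving
// to inherited Object.prototype members.
function entitlementsFor(scopeHeader, map) {
  const granted = new Set();
  for (const scope of String(scopeHeader || "").split(/\s+/).filter(Boolean)) {
    if (Object.prototype.hasOwnProperty.call(map, scope) && Array.isArray(map[scope])) {
      map[scope].forEach((p) => granted.add(p));
    }
  }
  return [...granted];
}

// Assumed semantics: segments compare literally; a trailing "**" matches
// one or more remaining segments.
function matches(pattern, path) {
  const pat = pattern.split(".");
  const seg = path.split(".");
  for (let i = 0; i < pat.length; i++) {
    if (pat[i] === "**" && i === pat.length - 1) return seg.length > i;
    if (pat[i] !== seg[i]) return false;
  }
  return pat.length === seg.length;
}

// Deny by default: the first path with no matching entitlement rejects the request.
function authorize(paths, scopeHeader, map) {
  const granted = entitlementsFor(scopeHeader, map);
  for (const path of paths) {
    if (!granted.some((p) => matches(p, path))) {
      return { error: "UnauthorizedQuery", message: "GraphQL: Unauthorized access to: " + path };
    }
  }
  return { ok: true };
}
```
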

Batahir
Bronze 1

Android phone

Version 11

(PII Removed by Staff)

Last update: 06-28-2019 02:38 PM