Managing and securing your GraphQL APIs with WSO2 API Manager

Justus Nithushan
Published in Chain Analytica
6 min read · Jan 4, 2021

GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL was initially developed by Facebook before it was publicly released as an open source project. It provides a more powerful and meaningful way to fetch the data from a server to a client application.

In this example, we will first build a very simple GraphQL server in Spring Boot that serves basic details of a few stored books, and then create, publish and secure an API with WSO2 API Manager (APIM) in front of that endpoint.

Creating the GraphQL Server

Let's go ahead and create a very basic GraphQL server with Spring Boot. To create a new Spring Boot project, go to start.spring.io and generate a new Gradle project. Open the project in your preferred IDE and make sure that the following dependencies are added to the build.gradle file.

Let's create a simple DAO class named Book with the required constructor, getters and setters for later use. For simplicity, a book has only an id and a name.

We will now create a class that holds some dummy book data and methods to retrieve it. For simplicity, let's add two books and two methods: one that returns all the books, and one that returns a specific book by its id.

Now let's create a simple GraphQL schema that defines the types, their fields and which queries are possible. For simplicity, let's define a Book type and two queries: one that returns the whole list of books and one that returns a single book by its id. Name this file schema.graphql and place it in the src/main/resources folder.

It's time to create a data fetcher class that fetches the data for the requested query. As shown in the picture below, there are two methods that fetch data from our dummy data object. The first takes a DataFetchingEnvironment and returns the list of books. The second takes a DataFetchingEnvironment and returns the Book whose id matches the one in the user's request, or a default Book instance otherwise.

Note that the DataFetchingEnvironment carries all the argument values of the query, which is how we read the id the user is interested in.

Now we will create a GraphQLProvider class that builds our GraphQL schema from the schema file we created earlier. Let's see what it looks like.

The init() method reads the schema file and creates the GraphQL instance. It calls the buildSchema() method to create a GraphQLSchema instance from the schema string, which init() then uses. As shown in the picture below, the buildWiring() method uses the BooksDataFetcher class we created earlier to register our two data fetchers.

Make sure that each field name used in the schema.graphql file is mapped to the correct data fetching method defined in the BooksDataFetcher class above.
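The pieces described above (the Book DAO, the dummy data class, the two data fetchers and the GraphQLProvider with its init(), buildSchema() and buildWiring() methods), collapsed into one file so they can be read together. This is an added example, not the post's own code: it assumes the graphql-java library on the classpath, uses the query field names `books` and `bookById` (the post does not name them), inlines the SDL that the post keeps in src/main/resources/schema.graphql, and uses constructed book ids and titles. The MaxQueryDepthInstrumentation line is an addition the post does not have; it caps how deeply a client query may nest, which is a cheap guard against abusive queries once the endpoint is exposed.

```java
// Added example (not the post's code). Assumes graphql-java on the classpath.
import graphql.ExecutionResult;
import graphql.GraphQL;
import graphql.analysis.MaxQueryDepthInstrumentation;
import graphql.schema.DataFetcher;
import graphql.schema.DataFetchingEnvironment;
import graphql.schema.GraphQLSchema;
import graphql.schema.idl.RuntimeWiring;
import graphql.schema.idl.SchemaGenerator;
import graphql.schema.idl.SchemaParser;
import graphql.schema.idl.TypeDefinitionRegistry;

import java.util.Arrays;
import java.util.List;

import static graphql.schema.idl.TypeRuntimeWiring.newTypeWiring;

public class BooksGraphQLExample {

    /** The DAO from the post: only an id and a name. */
    public static class Book {
        private final String id;
        private final String name;
        public Book(String id, String name) { this.id = id; this.name = name; }
        public String getId() { return id; }
        public String getName() { return name; }
    }

    /** Dummy in-memory data (constructed values): all books, or one book by id. */
    public static class BooksData {
        private static final List<Book> BOOKS = Arrays.asList(
                new Book("book-1", "Constructed title one"),
                new Book("book-2", "Constructed title two"));
        public static List<Book> getAllBooks() { return BOOKS; }
        public static Book getBookById(String id) {
            return BOOKS.stream().filter(b -> b.getId().equals(id)).findFirst()
                    .orElse(new Book("0", "unknown")); // the post's "default book" fallback
        }
    }

    /** Data fetchers: argument values are read from the DataFetchingEnvironment. */
    public static class BooksDataFetcher {
        public DataFetcher<List<Book>> getAllBooks() {
            return (DataFetchingEnvironment env) -> BooksData.getAllBooks();
        }
        public DataFetcher<Book> getBookById() {
            return (DataFetchingEnvironment env) -> BooksData.getBookById(env.getArgument("id"));
        }
    }

    // In the post this SDL lives in src/main/resources/schema.graphql; inlined here
    // so the example runs stand-alone. Field names are assumptions.
    static final String SCHEMA = "type Book { id: ID! name: String! }\n"
            + "type Query { books: [Book!]! bookById(id: ID!): Book }";

    /** The GraphQLProvider: init() builds the schema, buildWiring() registers fetchers. */
    public static class GraphQLProvider {
        private final BooksDataFetcher fetcher = new BooksDataFetcher();
        private GraphQL graphQL;

        // Annotated @PostConstruct in the Spring version so it runs once the bean exists.
        public void init() {
            GraphQLSchema schema = buildSchema(SCHEMA);
            graphQL = GraphQL.newGraphQL(schema)
                    // Not in the post: reject queries nested deeper than 10 levels.
                    .instrumentation(new MaxQueryDepthInstrumentation(10))
                    .build();
        }

        private GraphQLSchema buildSchema(String sdl) {
            TypeDefinitionRegistry registry = new SchemaParser().parse(sdl);
            return new SchemaGenerator().makeExecutableSchema(registry, buildWiring());
        }

        private RuntimeWiring buildWiring() {
            // Each field name here must match schema.graphql exactly.
            return RuntimeWiring.newRuntimeWiring()
                    .type(newTypeWiring("Query")
                            .dataFetcher("books", fetcher.getAllBooks())
                            .dataFetcher("bookById", fetcher.getBookById()))
                    .build();
        }

        public GraphQL graphQL() { return graphQL; } // exposed as a @Bean in Spring
    }

    /** Runs the same kind of query the post sends from Insomnia, without an HTTP layer. */
    public static void main(String[] args) {
        GraphQLProvider provider = new GraphQLProvider();
        provider.init();
        ExecutionResult result = provider.graphQL().execute("{ bookById(id: \"book-1\") { id name } }");
        System.out.println(result.toSpecification());
    }
}
```

In the Spring Boot project the GraphQLProvider is a @Component, init() carries @PostConstruct and graphQL() is a @Bean, which is what makes the endpoint appear at /graphql; the main() here just exercises the wiring directly so the query and response shape can be seen before any tooling is involved.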

That's it. We have successfully created a GraphQL server. When the application is running, the API is available at http://localhost:8080/graphql by default.

You can test the endpoint using a tool such as Insomnia or Postman. The following figure illustrates what a sample query and its response look like when hitting the endpoint from Insomnia.

Now let’s publish and secure this endpoint using WSO2 API Manager.

WSO2 API Manager

API management covers designing, publishing, documenting and analyzing APIs, and managing their lifecycle, in a secured environment. WSO2 API Manager is an open source API management platform that provides all of these services in a user-friendly manner. Let's get started with this wonderful platform.

First of all, download and install WSO2 API Manager as described below.

  1. Download the WSO2 API Manager.
  2. Start WSO2 API Manager by navigating to its /bin directory on the command line and executing wso2server.bat --run (on Windows) or sh wso2server.sh (on Linux).

Publishing GraphQL APIs in WSO2 API Manager

After setting it up successfully, open https://localhost:9443/publisher in a browser and log in with the default credentials (username admin, password admin; these are for local evaluation and should be changed on any shared deployment). Click the CREATE API button and select the I Have a GraphQL SDL schema option from the dropdown.

On the next screen, upload the schema.graphql file we used in our application earlier and click Next.

The next step is to provide the endpoint details and click Create. A sample that uses our /graphql endpoint is given below.

Feel free to change the name, context, version and business plan as you need. If it succeeds, you will see something similar to the picture below.

Now you can click the Publish button to publish the API. You can manage or configure this API using the navigation bar on the left side of the screen. Explore it to understand the various settings that are available. For example, you can navigate to the Runtime Configurations page to change the application-level security type, which is OAuth2 by default.

We have now created, published and secured our API with WSO2 API Manager. To use it, we have to register a client application and subscribe to this API.

To do that, go to https://localhost:9443/devportal/apis and click the created API in the API listing.

Click Subscriptions in the left navigation bar, or the Subscribe button on the overview page, to register a client application and obtain access tokens. Click the Subscription and Key Generation Wizard button at the top, or, if you want to use the default application, click the Subscribe button straight away.

After subscribing, you can use the subscription listing below to generate the access tokens.

To test the API, go to the overview page, scroll down and click the Test button in the Operations section. There you can generate a sandbox test key to test the API. An inbuilt GraphiQL interface is available for testing. A sample query and its response are shown below.
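Once the API is published and you hold a token from the Developer Portal, the call you would make from application code looks like the following. This is an added example, not code from the post or from WSO2: the gateway URL (default HTTPS gateway port 8243 plus a context and version of `/books/1.0.0`) and the token are placeholders you replace with your own values, and the query body uses the `books` field name assumed in the server example. Besides sending the authenticated request, it repeats the call without a token and reports if the gateway still answers, which is the quickest way to confirm that the OAuth2 setting from Runtime Configurations is actually being enforced.

```java
// Added example (not from the post or WSO2). Java 11+ HttpClient.
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class GatewayClientCheck {

    // Assumption: default gateway HTTPS port 8243 and the context/version chosen
    // when the API was created in the Publisher. Replace with your own values.
    static final String GATEWAY_URL = "https://localhost:8243/books/1.0.0";

    // A GraphQL request over HTTP is a JSON object with a "query" member.
    static final String QUERY_BODY = "{\"query\":\"{ books { id name } }\"}";

    /** Builds the POST; a null token produces the unauthenticated variant of the call. */
    static HttpRequest buildRequest(String accessToken) {
        HttpRequest.Builder b = HttpRequest.newBuilder(URI.create(GATEWAY_URL))
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(QUERY_BODY));
        if (accessToken != null) {
            b.header("Authorization", "Bearer " + accessToken);
        }
        return b.build();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder: export WSO2_TOKEN with the token generated in the Developer Portal.
        String token = System.getenv().getOrDefault("WSO2_TOKEN", "<paste-token-here>");

        // The gateway ships with a self-signed certificate. Import it into a truststore
        // and run with -Djavax.net.ssl.trustStore=<path> rather than disabling checks.
        HttpClient client = HttpClient.newHttpClient();

        HttpResponse<String> withToken =
                client.send(buildRequest(token), HttpResponse.BodyHandlers.ofString());
        System.out.println("with token:    HTTP " + withToken.statusCode());
        System.out.println(withToken.body());

        // Negative check: the same query without credentials must be rejected (401).
        HttpResponse<String> noToken =
                client.send(buildRequest(null), HttpResponse.BodyHandlers.ofString());
        System.out.println("without token: HTTP " + noToken.statusCode());
        if (noToken.statusCode() != 401) {
            System.out.println("WARNING: gateway answered an unauthenticated request; "
                    + "check the API's Runtime Configurations.");
        }
    }
}
```

Run it with the token in the WSO2_TOKEN environment variable. A token issued for the sandbox key type only reaches the sandbox endpoint, so if the API was created with a production endpoint only, generate a production key instead.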

Hope you liked this blog post. Feel free to leave some claps.
