In the past month, we’ve worked diligently to inform users about some of our favourite new GraphQL features at Tyk. This includes introducing GraphQL to our current API Management platform and our groundbreaking Universal Data Graph which allows users to build GraphQL endpoints right within Tyk!
From concept overviews to hands-on tutorials, here is a brief round-up of all the exciting stuff we have covered in our GraphQL journey so far!
In early June, our CEO, Martin, began to discuss the inspiration behind adding GraphQL capabilities into our API Management offering. He introduced the idea of “stitching together” schemas to create a single data graph from disparate data sources and the power of this approach. It was a great overview to give our users an answer to the “why” when it comes to GraphQL and Tyk.
At the same time that Martin published his high-level overview of Tyk’s Universal Data Graph, our Technical R&D Partner Ahmet Soormally put together a great piece outlining our approach and strategy behind our GraphQL offering. Ahmet covers the thoughts behind our implementation of authentication and authorization, DoS attack prevention using query depth limiting, and utilizing UDG to stitch together data sources to create a unified data graph with no code. The article gives a great overview of exactly what Tyk’s newest functionality has to offer our users in the GraphQL space.
Want to know exactly how companies are leveraging GraphQL to empower amazing growth and expedite development? This piece which outlines how some of the tech industries biggest players are utilizing GraphQL. This may be just the details you need to see how other companies are using the power of GraphQL and the reassurance you need to start using GraphQL in your technical stack.
We’ve added a lot of new functionality and as with all things new and shiny, sometimes it’s tough to determine if a new feature is actually something you should use. In this article I cover the types of users that may be interested in our GraphQL features and then go into detail to point out exactly what each feature is and what it does.
Tutorials and more tutorials!
What better way to get familiar with a new feature than to watch exactly how to use it! We put our heads together to make some concise videos which highlight some of our favourite GraphQL functionalities in Tyk.
Rest to GraphQL the easy way
In this tutorial we covered one of the first steps to utilizing Tyk’s Universal Data Graph: using a RESTfu API as a data source for our GraphQL API. In this example we took a simple REST API, created a GraphQL schema for it, and associated the data source of the schema to said REST API. When a GraphQL query is dispatched, Tyk then interprets the query, gathers the data, and returns a GraphQL response with the data. This shows how to simply create a GraphQL endpoint in Tyk.
Rest to GraphQL magic using Schema Stitching
To elaborate even further, based on the previous example above, Sedky walked us through how to stitch multiple RESTful API’s together to create a GraphQL API which leverages multiple data sources. We refer to this as “schema stitching”, the main component behind Tyk’s Universal Data Graph.
How to proxy to an existing GraphQL service
For those already using GraphQL, using Tyk to secure existing GraphQL endpoints may be exactly what you need! The great news is that in this tutorial we show you in a few brief steps how you can proxy to your existing GraphQL service. Once you have the service linked up within Tyk you can begin to use many of the other great GraphQL features mentioned in this article and in our docs!
How to enable GraphQL Field-based permissions
Locking down fields in GraphQL based on authorization is a great way to protect the data you expose in your Graph. Luckily, Tyk gives you just the tools to do this! In this tutorial we look at how to set field-based permissions in an existing GraphQL policy in Tyk. Once we have set some permissions we then go to the Tyk GraphQL Playground to show exactly how these permissions are enforced.
How to add Query Depth limiting to your GraphQL APIs
Deeply nested malicious queries are one of the most common ways to cause a denial of service attack on a GraphQL endpoint. With Tyk, we have added in a Query Depth Limit to stop such attacks and it is easily configured and used. This tutorial shows you how little it takes to create a query depth limit and enforce it.
How to secure your GraphQL endpoints
Built as a one-stop shop for securing your GraphQL endpoints, we build on the two previously mentioned videos so that you can rapidly secure your endpoints. Covering the full scope of creating and configuring a policy for GraphQL, issuing a key, and using the key to access our GraphQL API through the Tyk Developer Playground.
How to enable the GraphQL developer playground
Throughout the tutorials you’ll see that we reference the GraphQL Developer Playground and use it quite frequently. The Playground is a place where developers can navigate to so that they can test out queries before embedding them in their code and check out other stuff like documentation that also appears here. This video briefly shows how to enable the Playground and navigate to it so you’ll be up and running in no time!
Stay posted over the next few months as we expand our GraphQL content and offering. Interested in getting started with GraphQL in Tyk? Check out our get started page to take the first steps!