Create and Publish a GraphQL API

Follow the instructions in this tutorial to design, publish, and invoke a GraphQL API.

Note

For more information on GraphQL APIs, see Create a GraphQL API.

Step 1 - Design a GraphQL API

  1. Sign in to the API Publisher Portal.

    https://<hostname>:9443/publisher

    Example: https://localhost:9443/publisher

    Let's use admin as your username and password to sign in.

  2. Click CREATE API and then click I Have a GraphQL SDL schema.

    Create GraphQL schema option

  3. Import the schema and click Next.

    Import a graphQL schema by adding a file

    Let's use the StarWarsAPI schema definition to create the schema file.

    Note

    • You need to define the SDL Schema based on the GraphQL schema design best practices.

    • The file extension can be either .graphql, .txt, or .json.
    • The file name can be any name, which is based on your preference.

    Import a graphQL schema by adding a file

  4. Enter the GraphQL API related details and click Create.

    Important

    Let's use the Star Wars sample backend server as the backend for our GraphQL API.

    • Clone the WSO2 API Manager Samples repository.
      git clone https://github.com/wso2/samples-apim
    • Navigate to graphql-backend directory.
    • Run npm install to install the necessary node modules.
    • Run npm start to start the server.

    Once the above steps are done, the Star Wars server will be running on http://localhost:8080. We can use http://localhost:8080/graphql as the endpoint when creating the API.

    Let's create an API named "StarWarsAPI" using the following sample data.

    Protocol State
    Description

    Name

    StarWarsAPI

    Context


    /swapi

    Version

    1.0.0

    Endpoint

    http://localhost:8080/graphql

    Business Plans

    Unlimited

    Add GraphQL API details

  5. Optionally, modify the existing GraphQL schema definition.

    1. Click Schema Definition.

    2. Click DOWNLOAD DEFINITION.

      The existing GraphQL API schema gets downloaded.

      Add schema definition

    3. Update the schema definition as required.

    4. Click IMPORT DEFINITION to import the updated schema definition.

  6. Update the GraphQL API operations as required.

    Instead of resources, which get populated for REST APIs, operations get populated for GraphQL APIs.

    1. Click Show More under the Operations section in the OVERVIEW page to navigate to the operations page.

      GraphQL API operations

    2. Update the operations as required.

      The Publisher can add rate limiting policies, scopes, and enable/disable security for each of the GraphQL API operations.

      1. Create scopes.

        Repeat the following sub-steps to create two scopes named adminScope and FilmSubscriberScope.

        1. Click Scopes > ADD NEW SCOPE.

          Add a scope page

        2. Enter the required details.

          Note

          The role that you enter should be a valid role that already exists in WSO2 API Manager. Make sure to assign the role to the user.

          Create a role named FilmSubscriber and assign it to the admin user for this example scenario. For more information, see Adding Users and Adding User Roles.

          Create a scope

        3. Press Enter to add each scope.

        4. Click SAVE.

          List of added scopes

      2. Define the operation level configurations.

        1. Click Operations.

        2. Click Operation Level to apply rate limiting for operations.

          Update GraphQL API operations

        3. Select a throttling policy, scope, and enable or disable security for each of the operations.

          Apply the adminScope and FilmSubscriberScope scopes to the allFilms and allPlanets operations, respectively.

        4. Click Save.

          If you check the list of scopes, it should appear as follows:

          Scope list

Now, you have created and configured the GraphQL API successfully.

Step 2 - Publish the GraphQL API

Click LIFECYCLE to navigate to the API lifecycle and click PUBLISH to publish the API to the API Developer Portal.

Publish GraphQL API

Step 3 - Invoke the GraphQL API

  1. Sign in to the DEVELOPER PORTAL.

    https://<hostname>:9443/devportal

    Example: https://localhost:9443/devportal

    Developer Portal

  2. Click on the GraphQL API.

    The API overview appears.

    StarWarsAPI API overview

  3. Optionally, download the API schema if required.

    Note

    You can download the API schema even without signing in to the Developer Portal

    Click More on the API overview page and then click GRAPHQL SCHEMA to download the API schema.

    Download GraphQL API schema

  4. Subscribe to the API.

    1. Click KEY GENERATION WIZARD.

    This wizard takes you through the steps of creating a new application, subscribing, generating keys, and generating an access token to invoke the API. Add the two scopes (allFilms, allPlanets) that you assigned to the operations.

    Note

    You can use any application (e.g., JWT or OAuth) to subscribe to the API.

    Key generation wizard

    1. Copy the authorization token that appears.

    Copy the authorization token

  5. Try out the operations.

    1. Click TEST to navigate to the developer console.

      Authorization token

    2. Select whether to invoke the API using HTTP or HTTPS from Servers.

    3. Paste the access token that you previously copied into the Access Token field.

    4. Click POST.

    5. Click Try it out and enter the following sample payload as the StarWarsAPI POST request.

      {
         "query": "{ human(id: 1000) {id name} droid(id:2000) {name} }"
      }

      Try out the post operation

      Note

      If you are going to invoke QUERY Operation, payload should be started with either with 'query' keyword or without any keyword.

      If you are going to invoke MUTATION Operation, payload should be started starting with 'mutation' keyword.

    6. Click Execute.

      Try out the post operation

You have successfully created and published your first GraphQL API, subscribed to it, obtained an access token for testing and tested your API with the access token.

Top