apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
GraphQL meshes
Jens Neuse, Founder of Wundergraph
3. Challenges of digital Transformation
1. Large corporations tend to have many APIs
2. Single source of truth is not always clear
3. Inconsistencies in schema are the norm
4. Versioning of APIs & backwards compatibility
5. Maintaining legacy systems is costly
6. Lots of custom middleware required to enable projects
7. Applications must be secure, performant & cacheable
4. 1. Handling APIs at scale
APIs are artifacts.
We need to treat them like artifacts!
It’s a lot easier if we could decide on a common language.
Or would you want a developer portal for SOAP, REST, gRPC & GraphQL?
5. GraphQL as a common language
Pros
- proven to be the optimal solution to fetch data for hierarchical user interfaces (web applications, SPAs, mobile
Apps)
- ability to combine data from multiple services
- GraphQL Federation
- Schema Stitching
- excellent tooling for development
Cons
- Challenges in Production: Security, Scaling, Caching
- No Hypermedia, doesn’t work well for Auth, File Uploads, etc.
6. Rethinking the “One Graph” Principle
- does one single Graph scale?
- what about 3rd party Graphs?
- can we link Graphs?
Solution
- on demand Micro Gateways
- npm/Docker for GraphQL Schemas
7. 2. + 3. Single Source of truth &
Inconsistencies of the schema
- if we treat APIs as artifacts, we can store schemas in git
- Continuous Integration
- can apply linters
- detects breaking changes
- validates against existing schemas
Most importantly, these checks run before deploying new APIs.
8. 4. Versioning & Backwards Compatibility
- It’s good practice to not version APIs and always make backwards
compatible changes
- What if you fear the burden of long term support?
- What if it’s inevitable to break the schema?
- What if clients, like IOT devices can never be updated?
Solution
Persisted Queries + Timestamp = RPC Snapshot
9. 5. Maintaining Legacy
- With GraphQL, we can run all APIs through a unified layer
- GraphQL analytics gives us detailed information about API usage
- GraphQL Queries tell you a lot more about your users, even if the upstream
is REST, SOAP or gRPC
10. 6. Custom Middleware
- One unified GraphQL data layer eliminates the need for custom middleware
- Query & Join data from different services with a single GraphQL Query
- Adapters for commonly used protocols like SOAP, gRPC, ODATA, etc.
The intention is not to remove business logic, but to onboard legacy systems
into the new world of APIs with low overhead.
17. GraphQL in development, REST in production
- GraphQL artifact/package manager to install dependencies
- GraphQL Queries while developing
- REST in Production
- Generated clients for productivity
- Micro Gateways to host REST middleware per application
- HTTP/2 Streams instead of Websocket Subscriptions
- Caching with ETAGs & stale while revalidate
19. Compiled GraphQL Operations
Most if not all GraphQL implementations do a lot of work at runtime,
unnecessary work, keeping the hot path busy.
They “interpret” GraphQL.
What if we could pre-compile GraphQL Operations into more efficient & secure
code at deployment time?
20. An In-depth look into GraphQL execution
Regular GraphQL Server
1. Lexing of the Query
2. Parsing
3. Normalization (removing whitespace, duplicate fields, etc.)
4. Validation
5. Enforcing Field level authorization
6. Calculating the complexity of the Query
7. Enforcing Rate limits & Quotas
8. Preparing multiple child GraphQL Queries & REST Requests
9. Printing all child GraphQL Queries
10. Sending all requests to the upstreams
11. Building up the final response
12. Validating that the response conforms to the GraphQL schema
13. Returning the response to the client
WunderGraph
1. Lexing of the Query
2. Parsing
3. Normalization (removing whitespace, duplicate fields, etc.)
4. Validation
5. Enforcing Field level authorization
6. Calculating the complexity of the Query
7. Enforcing Rate limits & Quotas
8. Preparing multiple child GraphQL Queries & REST Requests
9. Printing all child GraphQL Queries
10. Sending all requests to the upstreams
11. Building up the final response
12. Validating that the response conforms to the GraphQL schema
13. Returning the response to the client
21. Compiled Query Performance
Early tests show..
37-150x improvement in throughput (queries per second)
99th Latency reduction from > 1s to sub millisecond
22. Putting it all together
As an API provider…
- You develop APIs and push the artifacts
- CI prevents you from breaking clients
- CI helps you keeping your schema consistent with existing schemas
As an API consumer…
- You import API artifacts
- You write Queries and generate typesafe clients
- You deploy Micro Gateways to deploy your REST BFF in production
23. ROI
- one Repository to manage all APIs, one single source of truth
- combat schema inconsistencies with linters and a smart CI system
- move fast by allowing breaking changes without breaking API consumers
- get rid off legacy systems thanks to one central data pipeline
- reduce the amount of custom middleware required
The developer experience of GraphQL, combined with the strenghts of REST in
production.
24. 2021 - What’s ahead of us?
GraphQL + Schema Package Manager = Rocket fuel of the API economy
Connecting Graphs across teams and organizations will dramatically reduce
integration costs.
We’re building the foundation of the next level generation of SaaS businesses.