Adding the GraphQL proxy – Digital Transformation with IBM API Connect-2

5. The next page displays some additional choices you need to make about security and whether you want to immediately publish your API to the Sandbox catalog. The following screenshot shows you those options:

    Figure 9.10 – Setting security options for GraphQL

    From Chapter 7, Securing APIs, you should already be familiar with the value of enabling CORS checking, but the option to secure using a Client ID has some additional meaning.

    In REST, the number of transactions is limited by setting rate limits in the Plan. These are based on requests. With GraphQL, different factors can be applied to rate limits. GraphQL supports a type called Subscriptions. With Subscriptions, the GraphQL server will periodically send you information about updates to the schema. As the client, you may want to know about changes, but how many times do you want to check? Depending on your Plan, you may exceed your rate limits if you are receiving subscriptions consistently. The other consideration that can apply to rate limiting is the cost of the query. Since this calculation can be determined within API Connect and can be added to the Plan, setting the appropriate cost limits this way will require some thought. To learn more about this subject, you should review Securing a GraphQL API using a client ID at https://www.ibm.com/docs/en/api-connect/10.0.x?topic=api-securing-graphql-by-using-client-id.

    Two final notes about Figure 9.10. First, you have the option to immediately publish your API with the Activate API checkbox. The other thing to note is all of the rating criteria that we discussed earlier are implemented within the Gateway policies. If you uncheck items and want to re-enable them, you need to manually go into the Gateway tab and add those policies to the appropriate areas.

    Click Next.

    6. Assuming you select Activate API, you will be presented with the Summary page, as follows:

    Figure 9.11 – Successfully creating a GraphQL API

    The Summary page will show you the status of what was applied and some relevant information, such as API base endpoints and credentials. Note that your values will be different from those shown in the preceding screenshot.

    7. After reviewing the Summary page, you should click Edit API to review what you just created. Navigate to the Gateway tab and review what was generated for you under Policies:

    Figure 9.12 – Gateway policies for your GraphQL API

    The policies that have been applied to the GraphQL API are rather large. You should scroll to the right to see more policies, as well as scroll down to see more of the switch cases:

    Figure 9.13 – Scrolling right to see the GraphQL policies showing ratelimit

    As you will see, the switch handles the various operations and within those operations, you will also see the ratelimit design policies. By taking all of the defaults, you now have a GraphQL API you can begin working with.

    One concern, given that GraphQL is slightly different than typical REST transactions, is how to measure the rating plans. Before you learn about rating plans, you need to address the warnings you saw. Those warnings have an impact on the rating plans and you will learn about addressing them next.
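
The query-cost consideration from step 5, as an added example that is not from the book and is not API Connect's own cost calculation: a request-count limit treats both sample queries below as one request each, while a cost limit rejects the deeply nested one. The field weights, the cost formula, the `query_cost` and `admit_all` names, and the sample queries are all assumptions constructed for illustration; only anonymous queries with plain fields and a `first:` argument are handled (no aliases, fragments or variables).

```python
import re

# Constructed per-field weights (assumption); unlisted fields cost 1.
WEIGHTS = {"orders": 5, "items": 2}
TOKEN = re.compile(r"[{}():,]|[A-Za-z_]\w*|\d+")

def query_cost(query):
    """Estimate cost: each field = its weight + first * cost(its children)."""
    tokens, pos = TOKEN.findall(query), 0
    def selection_set():
        nonlocal pos
        if tokens[pos] != "{":
            raise ValueError("expected '{'")
        pos, total = pos + 1, 0
        while tokens[pos] != "}":
            name, multiplier, pos = tokens[pos], 1, pos + 1
            if tokens[pos] == "(":          # arguments: only 'first' changes cost
                end = tokens.index(")", pos)
                args = tokens[pos + 1:end]
                if "first" in args:
                    multiplier = int(args[args.index("first") + 2])
                pos = end + 1
            children = selection_set() if tokens[pos] == "{" else 0
            total += WEIGHTS.get(name, 1) + multiplier * children
        pos += 1                            # consume the closing '}'
        return total
    try:
        cost = selection_set()
    except IndexError:
        raise ValueError("unbalanced query") from None
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return cost

def admit_all(queries, max_requests, max_cost):
    """Admit decisions for one client in one window, enforcing both limits."""
    used_requests = used_cost = 0
    decisions = []
    for q in queries:
        cost = query_cost(q)
        ok = used_requests < max_requests and used_cost + cost <= max_cost
        if ok:
            used_requests, used_cost = used_requests + 1, used_cost + cost
        decisions.append(ok)
    return decisions

# Constructed sample queries; each is a single request at the gateway.
CHEAP = "{ customer { id name } }"
EXPENSIVE = "{ orders(first: 100) { id items(first: 50) { sku price } } }"
```

With a constructed plan of 100 requests and a cost budget of 10000 per window, the nested query is refused on cost alone even though it is only the second request.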
