July 26, 2022

Accelerate API Time-to-Market With GraphQL and Akana


In this blog post, readers will learn how Akana’s GraphQL features can help them expedite their API programs to achieve digital transformation at scale.

Where does GraphQL fit into your digital transformation strategy?

To answer that, we must first understand how GraphQL works and how organizations can incorporate GraphQL APIs with their API management platform.

Olaf van Gorp and Samir Ullal from Akana recently delivered a webinar addressing how GraphQL works and how Akana’s GraphQL capabilities can help organizations accelerate time-to-market. You can watch the full webinar below, or keep reading to learn more about how to accelerate API time-to-market with GraphQL.  


What Is GraphQL?

In order to put GraphQL to use, we must first understand how it works. GraphQL is an open source specification for processing data queries. Clients can submit effective queries using GraphQL introspection capabilities. In other words, developers can query the GraphQL server for information about specific schema, or data sets. Moreover, GraphQL servers will validate those queries and execute them, returning exactly the data that the client asked for. Here’s where GraphQL sets itself apart. Unlike RESTful API queries that require a separate API for each data query, all GraphQL queries are executed through a single API endpoint.

In addition, GraphQL hides the actual data sources from the client, thereby improving security.

With GraphQL, you can delegate query creation to the client, allowing the client to request the exact data they want rather than being dependent upon a fixed-response model.


REST Versus GraphQL APIs

RESTful APIs are still the most popular and widely used API type. With RESTful APIs, you pair a single API endpoint with a single operation. In short, each endpoint supports a distinct request and response. The response will typically return all data corresponding to the request, without the client being able to apply some fine-tuning up-front.

On the other hand, GraphQL allows you to pair a single API endpoint with multiple data operations. In short, a single endpoint supports all requests and responses that are allowed by the data graph, and can evolve to meet future needs. As systems, UI, and database requirements evolve – so do GraphQL APIs. When it comes to data, developers can control which data elements are part of the query and returned in the response. This results in optimized traffic bandwidth; moreover, it simplifies processing on the client side (as the client knows exactly what data is being returned).

Here are a few examples:

  • A bank developer can query an API for the exact customer data required to perform a discrete function (such as starting a quote for a product), as opposed to pulling the entire customer record. This can prevent unnecessary customer data from being transmitted, minimizing the likelihood that this data ends up in the wrong hands.
  • An insurance company can provide a customer quote via publicly available APIs. Developers can again elect to only query relevant customer information, thereby improving customer privacy.
  • GitHub created a publicly-available GraphQL API to more effectively support flexible queries, which they found increasingly hard to manage with their existing REST API (https://docs.github.com/en/graphql).

Challenges With GraphQL APIs

The aspects of GraphQL APIs that enable greater nuance also come with potential pitfalls that have to be taken into consideration. 

Undoubtedly, the first major challenge with GraphQL APIs is security. If a GraphQL endpoint were directly exposed on the Internet without proper security measures, any client could ask for any data accessible through the associated graph. Schema introspection allows developers full visibility into all available data. Even without introspection enabled, there’s a serious risk in terms of potential data leaks.

In addition, clients can create intricate queries which need to be resolved by the GraphQL server. If queries involve too many nested objects, for example, the back-end systems that must process these queries can become overwhelmed. Malicious users might even try to purposely compromise system availability.

A second challenge is that GraphQL does not offer formal support for optimized traffic performance. For example, GraphQL servers typically do not support operational runtime features like caching. This may add unforeseen strain on the back-end services.

Challenges like these have made many enterprises stop short of making GraphQL APIs publicly available. Until now. Concerns can effectively be addressed, however, once GraphQL APIs are productized – just like any other enterprise API. In other words, they must be mediated using an API management platform. Typically, this would also allow for publishing the GraphQL API product with all required documentation in a developer portal, where it might be found next to its RESTful API counterparts.


Safely Exposing GraphQL APIs via an API 

Enterprise GraphQL APIs cannot simply be exposed directly from the GraphQL server, as this introduces serious security and availability risks. It is key to carefully assign responsibilities across your systems architecture. For example, GraphQL server implementations are great at formally validating queries and resolving them. On the other hand, API security concerns, like authorized access, message inspection and traffic management, are more aptly handled by an API gateway. Often, the API Gateway will also help to ensure optimized operational behavior.
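
The kind of message inspection a gateway can apply before a query reaches the GraphQL server, covering the two risks described earlier (introspection and deeply nested queries), is sketched below. This is an added example, not Akana's implementation or code from the webinar; the limit of 5 and the function names are assumptions.

```javascript
// Added example: gateway-side inspection of a GraphQL query string (names are illustrative).
const MAX_DEPTH = 5; // assumed policy limit

// Single pass over the query text: tracks selection-set nesting while skipping comments,
// string literals and argument lists, so braces or "__schema" inside them are not counted.
function inspectQuery(query) {
  let depth = 0, maxDepth = 0, parens = 0, i = 0;
  let introspection = false, balanced = true;
  while (i < query.length) {
    const ch = query[i];
    if (ch === '#') {                          // comment: skip to end of line
      while (i < query.length && query[i] !== '\n') i++;
    } else if (query.startsWith('"""', i)) {   // block string
      const end = query.indexOf('"""', i + 3);
      i = end === -1 ? query.length : end + 3;
    } else if (ch === '"') {                   // quoted string, honouring escapes
      i++;
      while (i < query.length && query[i] !== '"') i += query[i] === '\\' ? 2 : 1;
      i++;
    } else if (ch === '(' || ch === ')') {     // arguments and variable definitions
      parens += ch === '(' ? 1 : -1; i++;
    } else if (ch === '{' && parens === 0) {   // selection set opens
      maxDepth = Math.max(maxDepth, ++depth); i++;
    } else if (ch === '}' && parens === 0) {   // selection set closes
      if (--depth < 0) balanced = false;
      i++;
    } else if (/[A-Za-z_]/.test(ch)) {         // name token
      let j = i + 1;
      while (j < query.length && /[A-Za-z0-9_]/.test(query[j])) j++;
      const name = query.slice(i, j);
      if (parens === 0 && depth > 0 && (name === '__schema' || name === '__type')) introspection = true;
      i = j;
    } else i++;
  }
  return { maxDepth, introspection, balanced: balanced && depth === 0 && parens === 0 };
}

// Decide before the request is forwarded to the GraphQL server.
function gatewayDecision(query, maxDepth = MAX_DEPTH, allowIntrospection = false) {
  const r = inspectQuery(query);
  if (!r.balanced) return 'reject: malformed';
  if (r.introspection && !allowIntrospection) return 'reject: introspection';
  if (r.maxDepth > maxDepth) return 'reject: depth';
  return 'allow';
}

// Constructed sample: six levels of nesting, over the assumed limit of 5.
console.log(gatewayDecision('{ a { b { c { d { e { f } } } } } }'));
```

A text-level depth count does not follow fragment spreads, so a production policy would resolve fragments with a full GraphQL parser before measuring depth.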

When running GraphQL APIs at scale, you’ll need an API infrastructure that can reliably handle the anticipated number of requests, possibly while offering API access from various deployment zones across the globe.

An enterprise-grade API management solution, like Akana, makes it much easier to manage your GraphQL APIs alongside other API types. API productization can be largely done in an automated manner with minimal interference with the coding practice. Next, your GraphQL API products can be easily deployed across your API Gateway clusters and their details automatically published in the corresponding developer portal or portals.

With Akana, you can offer a single developer portal in which APIs can be searched for and found, regardless of their API type or category. Each can have the same level of information, documentation and user-friendly testing capabilities, optimized for RESTful versus GraphQL endpoints.

All of this helps to ensure an improved API developer experience. This in turn results in greater API adoption.


Accelerate API Time-to-Market With Akana and GraphQL

Working with Akana means you have access to a full lifecycle API management platform and team that is fully prepared to scale GraphQL APIs. Access automated features, enhanced API security protocols, and out-of-the-box GraphQL support.

With the Akana API management suite, clients can:

  • Rapidly and easily create, publish, and manage APIs across the entire lifecycle.
  • Access best-in-class API security and authorization features using our proven API gateway and developer portal.
  • Publish RESTful, SOAP, and GraphQL APIs in a single developer portal quickly and easily.

Find out if you qualify for a free 30-day trial of Akana.
