SlideShare a Scribd company logo

Wrapping and securing REST APIs with GraphQL

R
Roy Derks

This document discusses using GraphQL to wrap and secure REST APIs. It describes problems with REST APIs like multiple endpoints, over-fetching and under-fetching data, and versioning issues. GraphQL solves these problems with a single endpoint that returns flexible data structures. The document then provides steps to implement GraphQL, including using schemas to define queries and mutations, retrieving data from existing services and APIs, adding authentication middleware, and building a GraphQL server with Node.js and Apollo.

Technology
1 of 86
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Wrapping and Securing REST APIs with GraphQL Nodejs Edinburgh Meetup 05/02/2019
What is this about? @gethackteam
@gethackteam
Who Am I? @gethackteam
@gethackteam Roy Derks @gethackteam Auth0 Ambassador #reactjs #ReactNative #GraphQL
Who is this for? @gethackteam
Who is this for? BACKEND @gethackteam
What is wrong with REST? @gethackteam
REST has multiple endpoints that return fixed data structures @gethackteam
Let’s look at an example REST API @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints 1 @gethackteam
What is wrong with REST? Multiple Endpoints 1 2 @gethackteam
What is wrong with REST? Multiple Endpoints 1 2 3 @gethackteam
Why not create one endpoint with all information? @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
Why not specify parameters you want to receive? @gethackteam
What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching 2 1 @gethackteam
But how does this affect the first version of the application? @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam Different parameters
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam Different parameters Different datastructures
How does GraphQL solve these problems? @gethackteam
How does GraphQL solve these problems? Multiple Endpoints @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Over-fetching @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Under-fetching (N+1) Over-fetching @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Under-fetching (N+1) Over-fetching Versioning / Documentation@gethackteam
GraphQL has a single endpoint that returns flexible data structures @gethackteam
How does GraphQL Solve This Multiple Endpoints @gethackteam
How does GraphQL Solve This Multiple Endpoints @gethackteam
How does GraphQL Solve This Multiple Endpoints GET Query @gethackteam
How does GraphQL Solve This Multiple Endpoints Mutation POST PUT PATCH DELETE GET Query @gethackteam
How does GraphQL Solve This Multiple Endpoints Mutation POST PUT PATCH DELETE GET Query @gethackteam
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Describe the data structure
How does GraphQL Solve This Single endpoint Describe the data structure Set the possible queries
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Set dynamic parameters
Specify which data to return How does GraphQL Solve This Single endpoint Set dynamic parameters
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Predictable return result
Sounds great! How can I implement this? @gethackteam
BACKEND Implementation @gethackteam
BACKEND Implementation @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation @gethackteam
Implementation @gethackteam Node.js API Server
Implementation @gethackteam Node.js API Server Apollo Express GraphQL Server
Implementation @gethackteam
Implementation Schemas @gethackteam
Implementation Schemas @gethackteam Match data to schema
Implementation @gethackteam
Implementation Retrieve data from source @gethackteam
Implementation Retrieve data from source Get information from headers @gethackteam
Implementation @gethackteam
Implementation Initialise the Node.js / GraphQL server @gethackteam
Data Sources @gethackteam
Data Sources @gethackteam
Data Sources @gethackteam Fetch REST endpoint
https://github.com/royderks/ auth0-graphql-rest/tree/ datasources @gethackteam
Cool, let’s add Authentication @gethackteam
Add Authentication @gethackteam
Add Authentication @gethackteam
Add Authentication Middleware to validate JWT @gethackteam
Add Authentication Middleware to validate JWT Retrieve key from JWT @gethackteam
Add Authentication Middleware to validate JWT Retrieve key from JWT Validate JWT scopes @gethackteam
Add Authentication @gethackteam
Add Authentication Don’t break when token is incorrect or missing @gethackteam
Add Authentication Don’t break when token is incorrect or missing Add middleware to endpoint @gethackteam
Add Authentication @gethackteam
Add Authentication Get information from headers @gethackteam
Add Authentication Get information from headers @gethackteam
Add Authentication Get information from headers Pass to REST endpoint @gethackteam
https://github.com/royderks/ auth0-graphql-rest @gethackteam
To summarise.. @gethackteam
GraphQL can be built on top of your existing data and code @gethackteam
Want to learn more? @gethackteam #javascriptEverywhere https://auth0.com/ https://howtographql.com

More Related Content

What's hot (20)

PDF
Serverless GraphQL for Product Developers
Sashko Stubailo
 
PDF
RxJS: A Beginner & Expert's Perspective - ng-conf 2017
Tracy Lee
 
PDF
Real-time GraphQL in Angular app
Mikhail Asavkin
 
PDF
GraphQL & Relay
Viacheslav Slinko
 
PDF
GraphQL With Relay Part Deux
Brad Pillow
 
PDF
GraphQL Without a Database | Frontend Developer Love
Roy Derks
 
PDF
GraphQL across the stack: How everything fits together
Sashko Stubailo
 
PPTX
GraphQL Introduction
bobo52310
 
PPTX
GraphQL Introduction
Serge Huber
 
PDF
Scaling your GraphQL applications with Dgraph
Karthic Rao
 
PDF
GraphQL Munich Meetup #1 - How We Use GraphQL At Commercetools
Nicola Molinari
 
PDF
GraphQL Europe Recap
Philipp Sporrer
 
PDF
Introduction to GraphQL
Brainhub
 
PDF
React and GraphQL at Stripe
Sashko Stubailo
 
PDF
Adding GraphQL to your existing architecture
Sashko Stubailo
 
PDF
GraphQL
Joel Corrêa
 
PPTX
React Flux to GraphQL
Turadg Aleahmad
 
PDF
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
PDF
GraphQL: The Missing Link Between Frontend and Backend Devs
Sashko Stubailo
 
PPTX
Introduction to GraphQL
Rodrigo Prates
 
Serverless GraphQL for Product Developers
Sashko Stubailo
 
RxJS: A Beginner & Expert's Perspective - ng-conf 2017
Tracy Lee
 
Real-time GraphQL in Angular app
Mikhail Asavkin
 
GraphQL & Relay
Viacheslav Slinko
 
GraphQL With Relay Part Deux
Brad Pillow
 
GraphQL Without a Database | Frontend Developer Love
Roy Derks
 
GraphQL across the stack: How everything fits together
Sashko Stubailo
 
GraphQL Introduction
bobo52310
 
GraphQL Introduction
Serge Huber
 
Scaling your GraphQL applications with Dgraph
Karthic Rao
 
GraphQL Munich Meetup #1 - How We Use GraphQL At Commercetools
Nicola Molinari
 
GraphQL Europe Recap
Philipp Sporrer
 
Introduction to GraphQL
Brainhub
 
React and GraphQL at Stripe
Sashko Stubailo
 
Adding GraphQL to your existing architecture
Sashko Stubailo
 
GraphQL
Joel Corrêa
 
React Flux to GraphQL
Turadg Aleahmad
 
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
GraphQL: The Missing Link Between Frontend and Backend Devs
Sashko Stubailo
 
Introduction to GraphQL
Rodrigo Prates
 

Similar to Wrapping and securing REST APIs with GraphQL (20)

PDF
GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
PDF
GraphQL with .NET Core Microservices.pdf
Knoldus Inc.
 
PPTX
Introduction to Graph QL
Deepak More
 
PPTX
GraphQL - an elegant weapon... for more civilized age
Bartosz Sypytkowski
 
PDF
Graphql
Neven Rakonić
 
PDF
GraphQL- Presentation
Ridwan Fadjar
 
PDF
apidays LIVE Paris - GraphQL meshes by Jens Neuse
apidays
 
PDF
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
apidays
 
PPTX
React inter3
Oswald Campesato
 
PDF
The GrapQL ecosystem
OlegsGabrusjonoks
 
PDF
GraphQL in an Age of REST
Yos Riady
 
PPTX
GraphQL.pptx
Preston Flossy
 
PPTX
GraphQL.pptx
Preston Flossy
 
PDF
GraphQL Bangkok meetup 5.0
Tobias Meixner
 
PDF
APIsecure 2023 - Learn how to attack and mitigate vulnerabilities in GraphQL,...
apidays
 
PPT
Graphql presentation
Vibhor Grover
 
DOCX
GraphQL Advanced Concepts A Comprehensive Guide.docx
ssuser5583681
 
PDF
REST to GraphQL migration: Pros, cons and gotchas
Alexey Ivanov
 
PDF
Apollo server II
NodeXperts
 
PDF
Introduction to GraphQL for beginners
Martin Pham
 
GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
GraphQL with .NET Core Microservices.pdf
Knoldus Inc.
 
Introduction to Graph QL
Deepak More
 
GraphQL - an elegant weapon... for more civilized age
Bartosz Sypytkowski
 
Graphql
Neven Rakonić
 
GraphQL- Presentation
Ridwan Fadjar
 
apidays LIVE Paris - GraphQL meshes by Jens Neuse
apidays
 
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
apidays
 
React inter3
Oswald Campesato
 
The GrapQL ecosystem
OlegsGabrusjonoks
 
GraphQL in an Age of REST
Yos Riady
 
GraphQL.pptx
Preston Flossy
 
GraphQL.pptx
Preston Flossy
 
GraphQL Bangkok meetup 5.0
Tobias Meixner
 
APIsecure 2023 - Learn how to attack and mitigate vulnerabilities in GraphQL,...
apidays
 
Graphql presentation
Vibhor Grover
 
GraphQL Advanced Concepts A Comprehensive Guide.docx
ssuser5583681
 
REST to GraphQL migration: Pros, cons and gotchas
Alexey Ivanov
 
Apollo server II
NodeXperts
 
Introduction to GraphQL for beginners
Martin Pham
 
Ad

More from Roy Derks (14)

PDF
Web Applications of the Future: GraphQL and TypeScript | React Alicante
Roy Derks
 
PDF
Why GraphQL is Perfect for Node.js Microservices - IJS London 2022
Roy Derks
 
PDF
Why GraphQL Is Perfect For Microservices - CityJS London 2022
Roy Derks
 
PDF
Workshop State-management in React with Context and Hooks
Roy Derks
 
PDF
GraphQL Authentication
Roy Derks
 
PDF
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
PDF
Wrapping and Securing REST APIs with GraphQL
Roy Derks
 
PDF
Testing GraphQL in Your JavaScript Application: From Zero to Hundred Percent
Roy Derks
 
PDF
Open-sourcing JavaScript at the City of Amsterdam - All Things Open 2019
Roy Derks
 
PDF
We Are Developers - Modern React (Suspense, Context, Hooks) - Roy Derks
Roy Derks
 
PDF
Handling Large-Scale State-Management with React Context and Hooks
Roy Derks
 
PDF
Using ReasonML For Your Next JavaScript Project
Roy Derks
 
PDF
Boilerplates Are The New Copy-Paste
Roy Derks
 
PPTX
Workshop JavaScript ES6+
Roy Derks
 
Web Applications of the Future: GraphQL and TypeScript | React Alicante
Roy Derks
 
Why GraphQL is Perfect for Node.js Microservices - IJS London 2022
Roy Derks
 
Why GraphQL Is Perfect For Microservices - CityJS London 2022
Roy Derks
 
Workshop State-management in React with Context and Hooks
Roy Derks
 
GraphQL Authentication
Roy Derks
 
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
Wrapping and Securing REST APIs with GraphQL
Roy Derks
 
Testing GraphQL in Your JavaScript Application: From Zero to Hundred Percent
Roy Derks
 
Open-sourcing JavaScript at the City of Amsterdam - All Things Open 2019
Roy Derks
 
We Are Developers - Modern React (Suspense, Context, Hooks) - Roy Derks
Roy Derks
 
Handling Large-Scale State-Management with React Context and Hooks
Roy Derks
 
Using ReasonML For Your Next JavaScript Project
Roy Derks
 
Boilerplates Are The New Copy-Paste
Roy Derks
 
Workshop JavaScript ES6+
Roy Derks
 
Ad

Recently uploaded (20)

PDF
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PPTX
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PDF
Biography of Daniel Podor.pdf
Daniel Podor
 
PPTX
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
July Patch Tuesday
Ivanti
 
PDF
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
Biography of Daniel Podor.pdf
Daniel Podor
 
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
July Patch Tuesday
Ivanti
 
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 

Wrapping and securing REST APIs with GraphQL