SlideShare a Scribd company logo

Wrapping and securing REST APIs with GraphQL

R
Roy Derks

This document discusses using GraphQL to wrap and secure REST APIs. It describes problems with REST APIs like multiple endpoints, over-fetching and under-fetching data, and versioning issues. GraphQL solves these problems with a single endpoint that returns flexible data structures. The document then provides steps to implement GraphQL, including using schemas to define queries and mutations, retrieving data from existing services and APIs, adding authentication middleware, and building a GraphQL server with Node.js and Apollo.

Technology
1 of 86
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Wrapping and Securing REST APIs with GraphQL Nodejs Edinburgh Meetup 05/02/2019
What is this about? @gethackteam
@gethackteam
Who Am I? @gethackteam
@gethackteam Roy Derks @gethackteam Auth0 Ambassador #reactjs #ReactNative #GraphQL
Who is this for? @gethackteam
Who is this for? BACKEND @gethackteam
What is wrong with REST? @gethackteam
REST has multiple endpoints that return fixed data structures @gethackteam
Let’s look at an example REST API @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints 1 @gethackteam
What is wrong with REST? Multiple Endpoints 1 2 @gethackteam
What is wrong with REST? Multiple Endpoints 1 2 3 @gethackteam
Why not create one endpoint with all information? @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
What is wrong with REST? Multiple Endpoints @gethackteam
Why not specify parameters you want to receive? @gethackteam
What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching @gethackteam
SHOW What is wrong with REST? Under/Over-fetching 2 1 @gethackteam
But how does this affect the first version of the application? @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam Different parameters
SHOW MORE What is wrong with REST? Versioning V1 V2 Different endpoints @gethackteam Different parameters Different datastructures
How does GraphQL solve these problems? @gethackteam
How does GraphQL solve these problems? Multiple Endpoints @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Over-fetching @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Under-fetching (N+1) Over-fetching @gethackteam
How does GraphQL solve these problems? Multiple Endpoints Under-fetching (N+1) Over-fetching Versioning / Documentation@gethackteam
GraphQL has a single endpoint that returns flexible data structures @gethackteam
How does GraphQL Solve This Multiple Endpoints @gethackteam
How does GraphQL Solve This Multiple Endpoints @gethackteam
How does GraphQL Solve This Multiple Endpoints GET Query @gethackteam
How does GraphQL Solve This Multiple Endpoints Mutation POST PUT PATCH DELETE GET Query @gethackteam
How does GraphQL Solve This Multiple Endpoints Mutation POST PUT PATCH DELETE GET Query @gethackteam
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Describe the data structure
How does GraphQL Solve This Single endpoint Describe the data structure Set the possible queries
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Set dynamic parameters
Specify which data to return How does GraphQL Solve This Single endpoint Set dynamic parameters
How does GraphQL Solve This Single endpoint
How does GraphQL Solve This Single endpoint Predictable return result
Sounds great! How can I implement this? @gethackteam
BACKEND Implementation @gethackteam
BACKEND Implementation @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation Existing services Database(s) Third-party API @gethackteam
Implementation @gethackteam
Implementation @gethackteam Node.js API Server
Implementation @gethackteam Node.js API Server Apollo Express GraphQL Server
Implementation @gethackteam
Implementation Schemas @gethackteam
Implementation Schemas @gethackteam Match data to schema
Implementation @gethackteam
Implementation Retrieve data from source @gethackteam
Implementation Retrieve data from source Get information from headers @gethackteam
Implementation @gethackteam
Implementation Initialise the Node.js / GraphQL server @gethackteam
Data Sources @gethackteam
Data Sources @gethackteam
Data Sources @gethackteam Fetch REST endpoint
https://github.com/royderks/ auth0-graphql-rest/tree/ datasources @gethackteam
Cool, let’s add Authentication @gethackteam
Add Authentication @gethackteam
Add Authentication @gethackteam
Add Authentication Middleware to validate JWT @gethackteam
Add Authentication Middleware to validate JWT Retrieve key from JWT @gethackteam
Add Authentication Middleware to validate JWT Retrieve key from JWT Validate JWT scopes @gethackteam
Add Authentication @gethackteam
Add Authentication Don’t break when token is incorrect or missing @gethackteam
Add Authentication Don’t break when token is incorrect or missing Add middleware to endpoint @gethackteam
Add Authentication @gethackteam
Add Authentication Get information from headers @gethackteam
Add Authentication Get information from headers @gethackteam
Add Authentication Get information from headers Pass to REST endpoint @gethackteam
https://github.com/royderks/ auth0-graphql-rest @gethackteam
To summarise.. @gethackteam
GraphQL can be built on top of your existing data and code @gethackteam
Want to learn more? @gethackteam #javascriptEverywhere https://auth0.com/ https://howtographql.com

More Related Content

PDF
Frontcon Riga - GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
PDF
Kafka and GraphQL: Misconceptions and Connections | Gerard Klijs, Open Web
HostedbyConfluent
 
PDF
JNation: REST APIs to GraphQL with Express and Apollo
Roy Derks
 
PDF
GraphQL + relay
Cédric GILLET
 
PPTX
Machine Learning and Python For Marketing Automation | MKGO October 2019 | Ru...
Ruth Everett
 
PDF
RxJS - The Basics & The Future
Tracy Lee
 
PDF
Graphql
Niv Ben David
 
PDF
GraphQL over REST at Reactathon 2018
Sashko Stubailo
 
Frontcon Riga - GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
Kafka and GraphQL: Misconceptions and Connections | Gerard Klijs, Open Web
HostedbyConfluent
 
JNation: REST APIs to GraphQL with Express and Apollo
Roy Derks
 
GraphQL + relay
Cédric GILLET
 
Machine Learning and Python For Marketing Automation | MKGO October 2019 | Ru...
Ruth Everett
 
RxJS - The Basics & The Future
Tracy Lee
 
Graphql
Niv Ben David
 
GraphQL over REST at Reactathon 2018
Sashko Stubailo
 

What's hot (20)

PDF
Serverless GraphQL for Product Developers
Sashko Stubailo
 
PDF
RxJS: A Beginner & Expert's Perspective - ng-conf 2017
Tracy Lee
 
PDF
Real-time GraphQL in Angular app
Mikhail Asavkin
 
PDF
GraphQL & Relay
Viacheslav Slinko
 
PDF
GraphQL With Relay Part Deux
Brad Pillow
 
PDF
GraphQL Without a Database | Frontend Developer Love
Roy Derks
 
PDF
GraphQL across the stack: How everything fits together
Sashko Stubailo
 
PPTX
GraphQL Introduction
bobo52310
 
PPTX
GraphQL Introduction
Serge Huber
 
PDF
Scaling your GraphQL applications with Dgraph
Karthic Rao
 
PDF
GraphQL Munich Meetup #1 - How We Use GraphQL At Commercetools
Nicola Molinari
 
PDF
GraphQL Europe Recap
Philipp Sporrer
 
PDF
Introduction to GraphQL
Brainhub
 
PDF
React and GraphQL at Stripe
Sashko Stubailo
 
PDF
Adding GraphQL to your existing architecture
Sashko Stubailo
 
PDF
GraphQL
Joel Corrêa
 
PPTX
React Flux to GraphQL
Turadg Aleahmad
 
PDF
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
PDF
GraphQL: The Missing Link Between Frontend and Backend Devs
Sashko Stubailo
 
PPTX
Introduction to GraphQL
Rodrigo Prates
 
Serverless GraphQL for Product Developers
Sashko Stubailo
 
RxJS: A Beginner & Expert's Perspective - ng-conf 2017
Tracy Lee
 
Real-time GraphQL in Angular app
Mikhail Asavkin
 
GraphQL & Relay
Viacheslav Slinko
 
GraphQL With Relay Part Deux
Brad Pillow
 
GraphQL Without a Database | Frontend Developer Love
Roy Derks
 
GraphQL across the stack: How everything fits together
Sashko Stubailo
 
GraphQL Introduction
bobo52310
 
GraphQL Introduction
Serge Huber
 
Scaling your GraphQL applications with Dgraph
Karthic Rao
 
GraphQL Munich Meetup #1 - How We Use GraphQL At Commercetools
Nicola Molinari
 
GraphQL Europe Recap
Philipp Sporrer
 
Introduction to GraphQL
Brainhub
 
React and GraphQL at Stripe
Sashko Stubailo
 
Adding GraphQL to your existing architecture
Sashko Stubailo
 
GraphQL
Joel Corrêa
 
React Flux to GraphQL
Turadg Aleahmad
 
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
GraphQL: The Missing Link Between Frontend and Backend Devs
Sashko Stubailo
 
Introduction to GraphQL
Rodrigo Prates
 
Ad

Similar to Wrapping and securing REST APIs with GraphQL (20)

PDF
GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
PDF
GraphQL with .NET Core Microservices.pdf
Knoldus Inc.
 
PPTX
Introduction to Graph QL
Deepak More
 
PPTX
GraphQL - an elegant weapon... for more civilized age
Bartosz Sypytkowski
 
PDF
Graphql
Neven Rakonić
 
PDF
GraphQL- Presentation
Ridwan Fadjar
 
PPTX
apidays Munich 2025 - GraphQL 101: I won't REST, until you GraphQL, Surbhi Si...
apidays
 
PDF
apidays LIVE Paris - GraphQL meshes by Jens Neuse
apidays
 
PDF
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
apidays
 
PPTX
React inter3
Oswald Campesato
 
PDF
The GrapQL ecosystem
OlegsGabrusjonoks
 
PDF
GraphQL in an Age of REST
Yos Riady
 
PPTX
GraphQL.pptx
Preston Flossy
 
PPTX
GraphQL.pptx
Preston Flossy
 
PDF
GraphQL Bangkok meetup 5.0
Tobias Meixner
 
PDF
APIsecure 2023 - Learn how to attack and mitigate vulnerabilities in GraphQL,...
apidays
 
PPT
Graphql presentation
Vibhor Grover
 
DOCX
GraphQL Advanced Concepts A Comprehensive Guide.docx
ssuser5583681
 
PDF
REST to GraphQL migration: Pros, cons and gotchas
Alexey Ivanov
 
PDF
Apollo server II
NodeXperts
 
GraphQL Will Do To REST What JSON Did To XML
Roy Derks
 
GraphQL with .NET Core Microservices.pdf
Knoldus Inc.
 
Introduction to Graph QL
Deepak More
 
GraphQL - an elegant weapon... for more civilized age
Bartosz Sypytkowski
 
Graphql
Neven Rakonić
 
GraphQL- Presentation
Ridwan Fadjar
 
apidays Munich 2025 - GraphQL 101: I won't REST, until you GraphQL, Surbhi Si...
apidays
 
apidays LIVE Paris - GraphQL meshes by Jens Neuse
apidays
 
APIsecure 2023 - Discovering GraphQL Vulnerabilities in the Wild, Tristan Kal...
apidays
 
React inter3
Oswald Campesato
 
The GrapQL ecosystem
OlegsGabrusjonoks
 
GraphQL in an Age of REST
Yos Riady
 
GraphQL.pptx
Preston Flossy
 
GraphQL.pptx
Preston Flossy
 
GraphQL Bangkok meetup 5.0
Tobias Meixner
 
APIsecure 2023 - Learn how to attack and mitigate vulnerabilities in GraphQL,...
apidays
 
Graphql presentation
Vibhor Grover
 
GraphQL Advanced Concepts A Comprehensive Guide.docx
ssuser5583681
 
REST to GraphQL migration: Pros, cons and gotchas
Alexey Ivanov
 
Apollo server II
NodeXperts
 
Ad

More from Roy Derks (14)

PDF
Web Applications of the Future: GraphQL and TypeScript | React Alicante
Roy Derks
 
PDF
Why GraphQL is Perfect for Node.js Microservices - IJS London 2022
Roy Derks
 
PDF
Why GraphQL Is Perfect For Microservices - CityJS London 2022
Roy Derks
 
PDF
Workshop State-management in React with Context and Hooks
Roy Derks
 
PDF
GraphQL Authentication
Roy Derks
 
PDF
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
PDF
Wrapping and Securing REST APIs with GraphQL
Roy Derks
 
PDF
Testing GraphQL in Your JavaScript Application: From Zero to Hundred Percent
Roy Derks
 
PDF
Open-sourcing JavaScript at the City of Amsterdam - All Things Open 2019
Roy Derks
 
PDF
We Are Developers - Modern React (Suspense, Context, Hooks) - Roy Derks
Roy Derks
 
PDF
Handling Large-Scale State-Management with React Context and Hooks
Roy Derks
 
PDF
Using ReasonML For Your Next JavaScript Project
Roy Derks
 
PDF
Boilerplates Are The New Copy-Paste
Roy Derks
 
PPTX
Workshop JavaScript ES6+
Roy Derks
 
Web Applications of the Future: GraphQL and TypeScript | React Alicante
Roy Derks
 
Why GraphQL is Perfect for Node.js Microservices - IJS London 2022
Roy Derks
 
Why GraphQL Is Perfect For Microservices - CityJS London 2022
Roy Derks
 
Workshop State-management in React with Context and Hooks
Roy Derks
 
GraphQL Authentication
Roy Derks
 
Web Applications of the Future with TypeScript and GraphQL
Roy Derks
 
Wrapping and Securing REST APIs with GraphQL
Roy Derks
 
Testing GraphQL in Your JavaScript Application: From Zero to Hundred Percent
Roy Derks
 
Open-sourcing JavaScript at the City of Amsterdam - All Things Open 2019
Roy Derks
 
We Are Developers - Modern React (Suspense, Context, Hooks) - Roy Derks
Roy Derks
 
Handling Large-Scale State-Management with React Context and Hooks
Roy Derks
 
Using ReasonML For Your Next JavaScript Project
Roy Derks
 
Boilerplates Are The New Copy-Paste
Roy Derks
 
Workshop JavaScript ES6+
Roy Derks
 

Recently uploaded (20)

PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 

Wrapping and securing REST APIs with GraphQL