Skip to content

Latest commit

 

History

History

public-and-private-apis

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
lib
lib
 
 
services
services
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

README.md

Public & private APIs

This example demonstrates filtering unwanted elements from the public schema, and serving public and private versions of the stitched schema for internal and external use.

This example demonstrates:

  • Filtering unwanted fields from the final stitched schema.
  • Serving public (filtered) and private (unfiltered) API versions.

Setup

cd public-and-private-apis

yarn install
yarn start

The following services are available for interactive queries:

For simplicity, all subservices in this example are run locally by the gateway server. You could easily break out any subservice into a standalone remote server following the combining local and remote schemas example.

Summary

The last step in composing a clean and elegant gateway schema is to remove internal implementation details that should not be made available to the general public. You'll notice that the private gateway includes all artifacts of our original stitched schema, including underscored service names such as _sdl, _users and _products, and the underscored argument _scope. By constrast, the public gateway has removed these. This is quite simple using filterSchema and pruneSchema helpers from GraphQL Tools utils:

const { filterSchema, pruneSchema } = require('@graphql-tools/utils');

const privateSchema = makeGatewaySchema();
const publicSchema = pruneSchema(filterSchema({
  schema: privateSchema,
  rootFieldFilter: (type, fieldName) => !fieldName.startsWith('_'),
  fieldFilter: (type, fieldName) => !fieldName.startsWith('_'),
  argumentFilter: (typeName, fieldName, argName) => !argName.startsWith('_'),
}));

Filtering a schema will remove unwanted elements, and pruning it will cleanup orphans. This results in two versions of our schema: the complete original schema, and the groomed public schema. Each of these schemas may be served at their own endpoint—this gives public consumers one API with access limitations, while the complete set of fields remain available for internal purposes at another location:

const app = express();
app.use('/private/graphql', graphqlHTTP({ schema: privateSchema, graphiql: true }));
app.use('/public/graphql', graphqlHTTP({ schema: publicSchema, graphiql: true }));