In this article from our series from INTEGRATE 2022, Let's take a deep dive into the session on how to modernize your API stack with GraphQL using Azure API Management, as presented by
Elizabeth Barnitt, a Program Manager in Microsoft for API Management.
Elizabeth started her session with a bunch of product updates, including some features available in Public Preview.
The following features are generally available with Azure API Management:
REST APIs have been with us for many years now. In that time, our expectations of client applications have grown. We expect client applications to run on mobile devices with low bandwidth, yet still, be responsive. Unfortunately, REST APIs restrict us in three basic ways:
Elizabeth showed a sample scenario with a Microsoft Store Page, which seemed relatively simple, but when analysed further, you realize you need to make so many REST calls to load this page. This is a major problem for all modern-day applications.
There have been various attempts to solve these issues, and the current favourite is GraphQL. GraphQL is a protocol specification that explicitly solves these issues. The client application can specify the data they need to render a page in a query document that is sent as a single request to the GraphQL service. A client application can also subscribe to changes in the data through a real-time WebSocket connection, allowing notifications to happen in a timely manner.
Going back to the same example, but now with GraphQL, you can see that you are just running a single query to a single endpoint, and still get all of the data that’s needed to render the page.
This makes it easy for developers to onboard, explore and build on top of the existing queries that they are using.
Elizabeth also touched upon how can you get started with implementing GraphQL.
There are two ways to implement GraphQL via Azure APIM.
You can use this when you already have an existing GraphQL API, which then you can plug in thru Azure APIM, leveraging all the existing benefits of API Management—including security, observability, and reduced latency—for their GraphQL APIs while also adding GraphQL-specific features such as a query test console, query validation, field-based authorization, and query depth and size restriction.
With this second approach, Synthetic GraphQL allows you to easily create a GraphQL API based on your existing HTTP (SOAP or REST) APIs. This allows you to quickly upgrade your API to support modern client application development without affecting your existing infrastructure.
With the preview GraphQL resolvers, you can remove the GraphQL backend completely and define a complete set of resolvers to fulfil any query. The resolvers can easily be written in Azure Functions or take advantage of REST APIs across M365, Azure, your own services, or third-party services such as Shopify, Marketo, or ServiceNow. The Synthetic GraphQL service will run all the required requests and combine the results into the response to the user.
After explaining the Synthetic GraphQL on Azure APIM, Elizabeth ran through a really cool demo using SpaceX GraphQL APIs and Azure APIM. She also demonstrated how convenient it is to extend the existing GraphQL with additional HTTP requests.
Briefly, the top 5 security issues with GraphQL were discussed and she also showed how those issues can be mitigated with Azure APIM.
If you would like to schedule a workshop to learn more about how you can leverage the Azure APIM to connect with your existing APIs and build a GraphQL on top of them, please reach out to us via our
LinkedIn Page or email us at