How to Publish GraphQL APIs to a Developer Portal

So you’ve been using and getting all the benefits that GraphQL has to offer with the Arvata GraphQL server for a while now, and you keep hearing about these concepts with an API developer portal involving client→API mappings and account/API plans. What are these concepts and how can you benefit from them?

Client → API Mappings

Client → API mappings allow us to restrict access to a given API to a list of authorized clients. This is possible due to the way the Layer7 API Developer Portal integrates with the OAuth Toolkit (AKA the “OTK”) (note – we’re using Layer7 as the example deployment – you may need to adjust these steps if you’re using a different portal). This integration allows us to create “applications” via the Portal which in turn creates an OAuth client in your OAuth provider. We can then map that application/client to an API in the Portal and when we use the corresponding API key or OAuth token from that application, the mapping will be enforced at runtime during API calls.

Account/API Plans

Account/API Plans can be attached to an organization (group of applications and their APIs) or individual API and enforce rate limiting (i.e. 1 transaction/sec)/quota enforcement (i.e. 1,000 req/day), and allow you to visualize these metrics from within the Layer7 API Developer Portal’s monitoring dashboard.

Arvata Euclid offers this tight integration with the API Developer Portal out of the box, allowing you to toggle portal management of your endpoint with a simple UI switch.

Andrew Messer

Andrew Messer

Andrew is a 20+ year veteran of Enterprise Software with about half of his career spent in technical capacities and the balance in Sales, M&A, Global Services Leadership, Sales Strategy, and Portfolio Management. Andrew has been deeply entrenched in the API Management space since 2014 starting with CA Technologies acquisition of Layer7, followed by running the CA Global API Management Services practice and is now the CEO of a software startup focused on building innovative API security and integration solutions. Andrew's base of operations is Carolina Beach, NC. In his downtime, he enjoys spending time with his family in all things “beach” related, barbecuing and photography.

Share With Your Network

Share on twitter
Share on linkedin
Share on facebook
Share on email
Share on print