Avaloq GraphQL
Exploring GraphQL / Solution Outline
Loydl Unternehmensberatung, H. Loydl – 2017
1
Content
•
•
•
•
•
•
•
•
•
Explore GraphQL Query Language
What is GraphQL, What is it not
REST
GraphQL Type System example
Introspection, Composition, Resolving fields
Mutation, N+1 queries problem solution, Security
Why GraphQL for Avaloq?
POC (slide 25 …)
Other stuff
2
GraphQL Query Language – “Hello World” example
{
me {
name
}
}
3
{
{
“me” {
“name” : “Harald Loydl”
}
me {
name
}
}
}
4
{
businessPartner(id: 1) {
name
}
{
“name”: “ACME AG”
}
}
5
{
businessPartner(id: 1) {
name
address {
street
city
country
}
}
{
“name”: “ACME AG”,
“address”: {
“street”: “Förlibuckstrasse”,
“city”: “Zurich”,
“country”: “Switzerland”
}
}
}
6
{
businessPartner(id: 1) {
name
domicile: address(addrType: DOMICILE) {
street
city
country
}
postal: address(addrType: POSTAL) {
street
city
country
}
}
{
“name”: “ACME AG”,
“domicile”: {
“street”: “Förlibuckstrasse”,
“city”: “Zurich”,
“country”: “Switzerland”
}
“postal”: {
“street”: “Giessereistrasse”,
“city”: “Zurich”,
“country”: “Switzerland”
}
}
}
7
{
businessPartner(id: 1) {
name
containers {
name
}
}
{
“name”: “ACME AG”
“containers”: [
{
“name”: “container 1”
},
{
“name”: “container 2”
}
]
}
}
8
{
businessPartner(id: 1) {
name
containers {
name
positions {
name
}
}
}
}
{
“name”: “ACME AG”,
“containers”: [
{
“name”: “container 1”,
“positions”: [
{
“name”: “pos 1”
},
{
“name”: “pos 2”
}
]
},
{
“name”: “container 2”,
“positions”: [
{
“name”: “pos 1”
},
9
What GraphQL is NOT
- No Database
- No Storage Engine
- No Library
- No Software to install (i.e. no GraphQL server to buy and install)
- Not bound to a programming language
- Not bound to a network transport protocol (can use HTTP, websockets, …)
10
What GraphQL IS
- A Query Language for APIs
- A Specification for servers to execute GraphQL queries
- A thin API and routing layer
(field resolver can fetch data from different sources)
11
Disadvantages of REST
GET /businessPartner/12274526535/containers
- Hard to specify and implement advanced requests with includes, excludes and
especially with linked or nested resources
- Generic endpoints typically overfetch data
- Specific endpoints (per view) are getting pretty ugly to version hell
- Over- or under-fetching of data is unavoidable
- Too tight coupling between client (views) and server (endpoints)
- documentation often outdated
- developer uncertain about the responses (ambiguity, trial and error)
12
Avaloq GraphQL Type System
type Query {
me: User
businessPartner (id: Int): BusinessPartner
}
enum AddressTypeEnum {
DOMICILE,
POSTAL
}
type User {
name: String
}
type Address {
street: String
city: String
country: String
}
type BusinessPartner {
Id: Int
name: String
address(addrType: AddressTypeEnum):
Address
containers(first: Int): [Container]
}
type Container {
name: String
}
13
Type System on the Client? …  Introspection
{
__schema {
queryType { name }
types {
name
fields {
name
type {
kind
name
ofType {name}
}
}
}
}
}
14
GraphQL Introspection
→ Validation
{
businessPartner (id: 1231323)
{
name,
icnatspel
}
}
Unknown field “icnatspel”
on type “BusinessPartner”
→ IDE Integration
→ Code Generation
→ Auto-Documentation, Deprecation
15
Composition (Fragments)
{
businessPartner(id: 21252452) {
name
domicile: address(addrType: DOMICILE) {
...addressFragment
}
postal: address(addrType: POSTAL) {
...addressFragment
}
}
}
fragment addressFragment on Address {
street
city
country
}
16
Resolving fields
type BusinessPartner {
name: String
address(addrType: AddressTypeEnum):
Address
containers(first: Int): [Container]
}
Fields like name, address and
containers from the Type
Definition on the left side are
simple functions which actually
resolve to a function.
Fields expose a function named
‘resolve’ with parameters
(parent-object, field-args, queryctx) where you implement how
you fetch your data
17
Mutations
mutation {
createBusinessPartner(name: “Max Muster”, bpType: …) {
id
name
}
}
18
N+1 Queries Problem
Without a caching or batching mechanism, it's easy for a naive GraphQL server to issue
new database requests each time a field is resolved.
Solution: Batching and Caching
Further reading:
•
DataLoader
•
Query batching in Apollo
19
Security
“Oh no, you are letting your users query your database directly…?”
(the most awful thing ever)
But… beside possible other solutions (like classic multi-tier)…
• We define a Schema
• We never expose something we don’t want to expose
• We can have max execution time / Timeouts: after x seconds stop the query
• We can limit the query depth or query complexity (define field costs)
• ...
20
GraphQL – sample of more Features
- Subscriptions.
Client: “when this/that changes I want updates”.
(GraphQL does not make any assumptions on how you implementation it)
- Deferred Queries.
Directive @defer
Client: “show this GUI as fast as possible. But, there is a “deferred” part which can
take longer to load. Show this part later when it is loaded”
21
GraphQL - a data abstraction layer
GraphQL
Existing Application Code
Avaloq
Credit
Risk Mgmt
Compliance
...
22
Why GraphQL for Avaloq?
Big picture
• numerous clients, multiple platforms, overlapping features
• Apps around (micro)services instead of databases
So everything is fine...
Until you call the server….
23
Why GraphQL for Avaloq?
• Data fetching performance needs to be massively improved
• GraphQL can describe the Avaloq Object Model / arbitrary levels of abstraction
• The conceptual problems of REST APIs can be solved ( → Slide 11)
• Decoupling the client from the server (decouple features from endpoints)
24
Demonstrate in the POC…
1. GraphQL gives developers a much better understanding of Avaloq objects
and their relations
2. Play around with Avaloq data, query and mutate data through an easy to
understand query language (showcase GraphiQL)
3. Significant performance improvements for GUIs incl. mobile
4. Angular, React, any GUI library can be used to build Frontends, simplicity
5. Clients get exactly the requested data (predictable, no ambiguity)
6. Clients get data in one round trip (Performance)
7. Batching and Caching
8. Enhancing the API without breaking clients code
9. Adding new GUI features without changing the server
25
Why GraphQL for Avaloq?
• GraphQL makes it so much easier to build public APIs aligned to Avaloq internal API
i.e. the Avaloq Object Model + no mess with versions or breaking changes
• Vastly simplified API release management (no breaking changes anymore, easy
support for multiple versions out in the field, easy introduction of new features)
• Easy to use and free available GraphQL tools to enhance the developer experience,
productivity, more fun to work with
• Innovation
26
POC: Assumptions
1. Business Logic remains in ACP (obviously)
2. Kernel Layer Business Objects, doc Layer Objects, Avaloq WFC, Rules,
etc. ...so everything of relevance in terms of “Avaloq data and transactions”
is accessible through internal PL/SQL function/procedure calls
3. Avaloq can expose this internal PL/SQL API for the needs of this POC and
possibly above that for a Node.js production backend implementation
4. No need to change the internal PL/SQL API at all
5. Node.js in (or near) the backend is an opportunity for improvements (as
discussed here) and does not violate basic architecture or security
principles
6. Avaloq is interested to innovate and to start an incubation project when the
outcome of this POC is perceived as an opportunity to improve things
27
POC: Architecture (high level)
Browser, Native App, Frameworks, IDE Tools (e.g.
GraphiQL),..
Avaloq Backend
GraphQL.js
server
(Node.js)
Existing Application Code
(internal PL/SQL API)
Oracle DB
driver for
Node.js
28
POC: Areas of interest
1. Oracle Database Node.js Driver
- Connection, Performance and Security
- Steps towards a “Node.js in or near the backend” production system
2. GraphQL
- Query and Mutate Avaloq Business Objects
- Caching and Batching
- Web/mobile GUIs using GraphQL
- Schema Customization: from an Avaloq GraphQL “Standard” Schema
to a customer specific GraphQL Schema (Banks can adjust to their
needs)
29
POC “alternative”: GraphQL Server connects AMI
Browser, Native App, Frameworks, IDE Tools (e.g.
GraphiQL),..
Avaloq Backend
GraphQL
Server
AMI
Messaging
Interface
30
node-oracledb (Oracle DB Driver for Node.js)
- maintained by Oracle Corp.
- powers high performance Oracle DB applications
- stable
- well documented
- open source
- doc: https://github.com/oracle/node-oracledb/blob/master/doc/api.md
31
GraphQL Server basic components
GraphQL Core
(per language)
lex, parse, validate,
execute queries based on Type
Definitions
Type
Definitions
(Schema)
GraphQL
Application
Code
Avaloq
+
customization
Server for GraphQL
endpoint
e.g. resolvers, DB connect
32
Who is using GraphQL
33
Final Notes
•
Step-by-Step Transition to GraphQL without breaking existing APIs
•
Start small
•
The technical integration seems to be very easy
•
The challenge is to define the right GraphQL Schema
34
The Data Loading Problem
GraphQL:
"the first true comprehensive
solution to that data loading
problem"
35
Solution
Endorsement by Angular and
React:
Angular 2:
http://dev.apollodata.com/angul
ar2/
React:
http://dev.apollodata.com/react/
36
Data Fetching No. 1 on Angular Keynote: Apollo GraphQL
37
GraphQL at GitHub
38
Before GraphQL
39
Now with GraphQL
40
Backlog / slides & links
Exploring GraphQL by Lee Byron, Facebook 2015
Zero to GraphQL in 30 Minutes – Steven Luscher
Implementing and Using GraphQL at GitHub - GitHub Universe 2016
https://githubengineering.com/the-github-graphql-api/
From REST to GraphQL (Marc-Andre Giroux) - Full Stack Fest 2016
Dan Schafer - GraphQL at Facebook at react-europe 2016
Lessons from 4 Years of GraphQL
Direct comparison REST / GraphQL in one application (start at minute 28)
GraphQL Concepts Visualized
https://loydl.ch/2017/02/03/graphql/
https://loydl.ch/2017/02/09/edoras-one-graphql-api/
41
GraphiQL in action: http://graphql.org/swapi-graphql/
Star Wars API
42