Optional: Secure the GraphQL API
Protect the GraphQL API that you created in the previous sections by using an API key. Note that you can also use any other authorization mechanism provided by Gloo Gateway to secure your GraphQL endpoint.
- Create an API key secret that contains an existing API key. If you want glooctl to create an API key for you, you can specify the --apikey-generate flag instead of the --apikey flag.

```sh
glooctl create secret apikey my-apikey \
  --apikey $API_KEY \
  --apikey-labels team=gloo
```
- Verify that the secret was successfully created and contains an API key. If you had Gloo Gateway generate the API key, set the value as an environment variable, export API_KEY=<api-key-value>.

```sh
kubectl get secret my-apikey -n gloo-system -o yaml
```
- Create an AuthConfig CR that uses the API key secret.

```sh
kubectl apply -f - <<EOF
apiVersion: enterprise.gloo.solo.io/v1
kind: AuthConfig
metadata:
  name: apikey-auth
  namespace: gloo-system
spec:
  configs:
  - apiKeyAuth:
      headerName: api-key
      labelSelector:
        team: gloo
EOF
```
- Update the default virtual service that you previously created to reference the apikey-auth AuthConfig.

```sh
cat << EOF | kubectl apply -f -
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: 'default'
  namespace: 'gloo-system'
spec:
  virtualHost:
    domains:
    - '*'
    routes:
    - graphqlApiRef:
        name: bookinfo-graphql
        namespace: gloo-system
      matchers:
      - prefix: /graphql
      options:
        extauth:
          configRef:
            name: apikey-auth
            namespace: gloo-system
EOF
```
- Send a request to the GraphQL endpoint. Note that because you enforced API key authorization, the unauthorized request fails, and you get a 401 Unauthorized response.

```sh
curl "$(glooctl proxy url)/graphql" \
  -H 'Content-Type: application/json' \
  -d '{"query": "query {productsForHome {id, title, author, pages, year}}"}' \
  -v
```
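- Add the API key to your request in the -H "api-key: $API_KEY" header, and curl the endpoint again. The header is in double quotes so that the shell expands $API_KEY; in single quotes, the literal string $API_KEY is sent as the key.

```sh
curl "$(glooctl proxy url)/graphql" \
  -H 'Content-Type: application/json' \
  -H "api-key: $API_KEY" \
  -d '{"query": "query {productsForHome {id, title, author, pages, year}}"}'
```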
Example successful response:
{"data":{"productsForHome":[{"id":"0","title":"The Comedy of Errors","author":"William Shakespeare","pages":200,"year":1595}]}}
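The two requests above can be wrapped into a repeatable check that also tries an invalid key, so that the policy can be re-verified after later changes to the virtual service. This is an added example, not part of the Gloo Gateway documentation; the function names and the `not-the-real-key` value are hypothetical, and the only assumption about an invalid key is that the gateway does not answer it with 200.

```shell
#!/bin/sh
# Added example: regression check for the API key policy on /graphql.
# The query is the one used in the steps on this page.
GRAPHQL_QUERY='{"query": "query {productsForHome {id, title, author, pages, year}}"}'

# Print the HTTP status code of a GraphQL POST.
# $1 = gateway base URL, $2 = API key (empty: send no api-key header)
graphql_status() {
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -w '%{http_code}' "$1/graphql" \
      -H 'Content-Type: application/json' \
      -H "api-key: $2" \
      -d "$GRAPHQL_QUERY"
  else
    curl -s -o /dev/null -w '%{http_code}' "$1/graphql" \
      -H 'Content-Type: application/json' \
      -d "$GRAPHQL_QUERY"
  fi
}

# Return 0 only if missing and invalid keys are rejected and the valid key works.
# $1 = gateway base URL, $2 = valid API key
verify_apikey_enforced() {
  rc=0
  code=$(graphql_status "$1" "")
  if [ "$code" != "401" ]; then
    echo "FAIL: request without api-key returned $code, expected 401" >&2
    rc=1
  fi
  code=$(graphql_status "$1" "not-the-real-key")   # constructed invalid key
  if [ "$code" = "200" ]; then
    echo "FAIL: request with an invalid api-key was accepted" >&2
    rc=1
  fi
  code=$(graphql_status "$1" "$2")
  if [ "$code" != "200" ]; then
    echo "FAIL: request with the valid api-key returned $code, expected 200" >&2
    rc=1
  fi
  return "$rc"
}

# Usage against a live gateway:
#   verify_apikey_enforced "$(glooctl proxy url)" "$API_KEY" && echo "API key auth is enforced"
```

A status of 000 from curl means the gateway was unreachable, which the check reports as a failure rather than as a rejected request.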
Next steps
Now that you’ve tried out GraphQL with Gloo Gateway, check out the following pages to configure your own services for GraphQL integration.