There are many pros and cons for both GraphQL and REST APIs, but one of the areas where GraphQL really shines is API composition. Taking data from multiple APIs and combining them to make something new is a key part of delivering a useful service.
Today, we're going to take a look at StepZen, a product that allows you to build GraphQL APIs composed of REST, Database, and other GraphQL sources. We'll use it to build an API endpoint that shows the price of an item in a user's local currency based on their IP address. GraphQL remains an emerging technology, and adoption is still lagging behind RESTful APIs. Kong provides the degraphql plugin which allows us to convert the GraphQL API we build with StepZen back into a REST API, which may be more comfortable for users of our API.
StepZen provides a GraphQL studio that helps you build and deploy your own GraphQL API by combining prebuilt APIs such as Accuweather, Airtable, GitHub, SpaceX, Trello, and more. In this example, we're going to combine IP-API (to convert an IP address to a geolocation) with the Frankfurter API (an exchange rate API). GraphQL studio helpfully provides some prebuilt queries to help us understand how these APIs work and how they can be combined.
The schema tab in GraphQL Studio allows you to see the data available from each API. I'd like to call your attention to the priceInCountry field in the IpApi_Location type. priceInCountry is defined as a materializer, which is a custom StepZen directive that acts like a function. priceInCountry takes arguments provided by the caller and combines them with the currency field in the current schema by calling the frankfurter_convertedAmount query to calculate a local price.
The materializer definition is included in the schema itself inside type Query, and uses JavaScript to call an API and transform the data:
We're going to use this materializer to build a query that accepts an amount, source currency, and IP address and returns the identified country code and price in that country:
We'll walk through how to run this query in the next section, but first, we need to deploy our new API.
GraphQL Studio is great, but it's not intended for production deployments. To ship our API, we need to import it as a data source into our own StepZen account using the CLI. The GraphQL endpoint URL is available in the top bar in GraphQL Studio.
To do this, we run stepzen import graphql to tell StepZen that we want to build a new API on top of an existing GraphQL API. This will generate some schema files locally based on the GraphQL endpoint URL that you provide.
Once the import completes, you can deploy your API to StepZen by running stepzen start. At this point you can visit http://localhost:5001/demo/converter to test your deployed API using the locally running StepZen query explorer. Paste the query definition above into the main editor section, and then paste the following into the Query Variables editor:
Submit your request and you'll see a response in the right-hand pane that looks like this:
When I ran stepzen start, one of the messages provided me with the URL of my new API:
Your API URL is https://hamburg.stepzen.net/demo/converter/__graphql
However, if I visit that URL I can see that my requests need to be authenticated. We want to make this a public API, but only if it's accessed through our API gateway. We can automatically add an authentication header, but first, we need to run Kong Gateway.
The quickest way to get started with Kong Gateway is to run the following command (you'll need docker installed):
This will create two Docker containers – a database to store configuration and Kong Gateway itself. Once you see the "✔ Kong is ready!" message, we can configure a route that proxies requests through to StepZen.
> Port 8001 is the administration port for Kong Gateway, while port 8000 is used to proxy requests to their destination
If you now call curl localhost:8000/price you'll see the same 401 Unauthorized error that we saw when calling the API directly.
Now Kong Gateway is proxying requests to our StepZen API, we can automatically add authentication credentials to requests flowing through the gateway. We'll use the Request Transformer plugin in Kong to add the `Authorization` header to the incoming request before forwarding it to StepZen.
First, run stepzen whoami –apikey to fetch your StepZen credentials. Configure the Request Transformer plugin with the StepZen key using the config.append.headers setting:
Once you've run the above command, you should be able to send a GraphQL query to Kong Gateway and receive a response from StepZen:
At this point, we're using Kong Gateway to proxy requests to StepZen and add authentication. It also means it's easy to add any other plugin to protect your API as the number of requests grows.
Everything we've done up until now can be done with the free version of Kong, but we're about to move on to some enterprise features. If you want to code along, make sure to apply your license to your locally running instance:
As I mentioned earlier, our existing customers are used to consuming REST APIs and aren't too familiar with how to write GraphQL queries. In order to keep things simple for them, we'll use Kong Gateway to convert our StepZen GraphQL API to a REST API using the degraphql plugin.
The degraphql plugin allows you to create traditional REST-based routing rules, map them to GraphQL queries, and forward the queries to a server. Before installing the plugin, we need to modify the existing graphql-demo service, setting the target URL to the domain-only portion of our StepZen URL.
Once this is done, we can activate the degraphql plugin on our service by providing the path to our demo endpoint in the graphql_server_path configuration option:
Once degraphql is activated, requests to our/price endpoint will return a 404 response rather than proxying to the upstream server. This is because we haven't mapped any REST requests to an underlying GraphQL query yet.
To map a path to a query, we can make a POST request to /degraphql/routes:
Note how the :ip and :amount entries in the uri parameter start with a colon. This means that the values in these segments will be passed into the query as named parameters. We can now make a normal GET request and watch as Kong makes a GraphQL request on our behalf:
Our customers can now interact with our upstream GraphQL endpoint as though it was a REST API, but there's just one thing about the response that's bothering me. GraphQL responses always contain a data key, but in our example, there's only a single key inside the data.
Let's use Kong's jq plugin to perform some post-processing on the response before responding to our caller. The jq plugin allows you to transform JSON data on request and response objects. We'll use a short jq operation to return everything inside the .data key:
Once this plugin is installed, you can make a request to /price/gbp once again and see the transformed response:
We set out to compose an API from multiple different sources, then expose that as a simple REST endpoint for consumers. Using a combination of StepZen's materializers and Kong Gateway plugins, we've managed to deliver exactly what our consumers need without adding a single line of code to our application.
If you're interested in building something similar, you can get started with StepZen and learn more about Kong Gateway. If you've got any questions, I'd love to hear them on Twitter – you can find me at @mheap
Meet Emily. She’s an API product manager at ACME, Inc., an ecommerce company that runs on dozens of APIs. One morning, her team lead asks a simple question: “Who’s our top API consumer, and which of your APIs are causing the most issues right now?”
Ever feel like you're fighting an uphill battle with your API strategy? You're building APIs faster than ever, but somehow everything feels harder. Wasn’t API-first supposed to make all this easier? Well, you're not alone. And now industry analys
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM
This is part one of a series exploring how Kong AI Gateway can be used in an AI Agent development with LangGraph. The series comprises three parts: Basic ReAct AI Agent with Kong AI Gateway Single LLM ReAct AI Agent with Kong AI Gateway and LangGr
What Is RAG, and Why Should You Use It? RAG (Retrieval-Augmented Generation) is not a new concept in AI, and unsurprisingly, when talking to companies, everyone seems to have their own interpretation of how to implement it. So, let’s start with a r