Most API gateways and API managers are focused on REST, which makes them problematic for GraphQL environments. This week Arboric was announced in its proof of concept version 0.1. Arboric is an API manager specifically dedicated to GraphQL. The Arboric API gateway is open source and free to use.
GraphQL queries typically expose a single endpoint, and typically only use HTTP POST. Traditional API gateways and managers are not built for this environment. Arboric is specifically built without query path-based metering and access controls. It's built from the ground up with GraphQL in mind.
Version 0.1 includes four capabilities. The team listed the features in a blog post announcement:
- Authentication and validation of JWT bearer tokens against a secret signing key
- Parsing of GraphQL requests
- Authorization of requests against a whitelist of roles mapped to queries/fields
- Logging of queries to InfluxDB
The next step is code clean up and a major refactor. At that time, the team hopes that Arboric will be production-ready. Participate in this project at Github.