-
Notifications
You must be signed in to change notification settings - Fork 15
Add data api docs #224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Liam-Doodson
wants to merge
16
commits into
neo4j:5.x
from
Liam-Doodson:Liam-Doodson/add-data-api-docs
Closed
Add data api docs #224
Changes from 10 commits
Commits
Show all changes
16 commits
Select commit
Hold shift + click to select a range
3c4dfbe
Initial data api docs
Liam-Doodson 26493ec
Add authentication provider and usage docs
Liam-Doodson 5e5be2e
Consistent naming
Liam-Doodson 7fae8f6
Add warning for using api keys in user facing clients
Liam-Doodson 663b671
Add docs on CORS
Liam-Doodson 5785102
PR comments
Liam-Doodson 02b5dd4
Apply suggestions from code review
Liam-Doodson 82f448b
Apply suggestions from code review
rsill-neo4j 7b2c1b5
Apply suggestions from code review
rsill-neo4j 814ddfd
Apply suggestions from code review
rsill-neo4j db9c22d
Apply suggestions from code review
rsill-neo4j 32f67d3
Apply suggestions from code review
rsill-neo4j 5134145
Blur data in images
Liam-Doodson 5963588
Update modules/ROOT/pages/aura-graphql-data-apis/index.adoc
Liam-Doodson 337318b
test commit with a some more blurring and crop image
rsill-neo4j ac2af74
blurred and cropped all images
rsill-neo4j File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file added
BIN
+382 KB
modules/ROOT/images/aura-graphql-data-apis/console-classic-api-keys.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+438 KB
modules/ROOT/images/aura-graphql-data-apis/unified-console-account-dropdown.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+336 KB
modules/ROOT/images/aura-graphql-data-apis/unified-console-api-keys.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+343 KB
modules/ROOT/images/aura-graphql-data-apis/unified-console-create-api-key.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
84 changes: 84 additions & 0 deletions
84
modules/ROOT/pages/aura-graphql-data-apis/authentication-providers.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| [[auth-providers]] | ||
| = Authentication Providers | ||
|
|
||
| GraphQL for Neo4j AuraDB allows you to use an API key, JWT token from an external identity provider or both for authentication and switch between them as needed. The authentication method is stored as an authentication provider. | ||
|
|
||
| There are advantages and disadvantages of both types. API keys are quick to start working with but do not allow for access controls and should not be used within a user facing-client application. JWKS (JSON Web Key Sets) authentication providers require an external identity provider but do allow for fine grained rules around authentication/authorization. | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| `--data-api-id` is used with the `aura-cli` when working with authentication providers rather than `--graphql-api-id` as you might have expected. Conceptually a GraphQL API is a type of Data API and there may be other types in the future. Using `--data-api-id` allows for flexibility for potential future development work in this area. | ||
| ==== | ||
|
|
||
| == Create a JWKS Authentication Provider | ||
|
|
||
| Before using JWKS authentication providers, it is necessary to set up and configure an identity provider that manages users and their credentials securely, issues JWTs to authenticated users, and hosts a JWKS endpoint that is can be used to validate JWTs by the GraphQL API. There are several 3rd parties who provide this type of service, e.g Ping, Okta, Auth0 and any of the main cloud service providers. Configuration of identity providers is beyond the scope of this guide. | ||
|
|
||
| If you do use a JWKS authentication provider, then you can take advantage of fine-grained access controls using the ** xref:security/authentication.adoc[`@authentication`]/** xref:security/authorization.adoc[`@authorization`] directives of Graphql for Neo4j AuraDB. | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| If you do make use of `@authentication`/`@authorization` rules, they will also be applied to requests made with API keys. We do not currently support adding claims to API keys so it is unlikely they will be able to meet the rules you specify. | ||
| ==== | ||
|
|
||
| The aura-cli is used to create a new JWKS authentication provider. You will need the JWKS URL to do this along with the ID of the GraphQL API with it’s associated AuraDB ID. | ||
|
|
||
| At a command prompt, type the following, swapping out the UPPERCASE values for your own: | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql auth-provider create --data-api-id YOUR_GRAPHQL_DATA_API_ID --instance-id YOUR_AURA_INSTANCE_ID --name AUTH_PROVIDER_FRIENDLY_NAME --type jwks --url JWKS_URL | ||
| ---- | ||
|
|
||
| On success, the command will respond with details about the newly created JWKS provider. | ||
rsill-neo4j marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| == Create an API Key Authentication Provider | ||
|
|
||
| [WARNING] | ||
| ==== | ||
| If you use an API key authentication provider in a user-facing client application, you risk leaking the API key to your users. This could potential give them full access to your GraphQL API. For these usecases, we recommend using JWKS authentication providers. | ||
| ==== | ||
|
|
||
| When a new GraphQL API is created via the aura-cli, an API Key authentication provider is the default. However, if you require a new one, this command allows you to create a new API Key. | ||
|
|
||
| At a command prompt, type the following, swapping out the UPPERCASE values for your own: | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql auth-provider create --data-api-id YOUR_GRAPHQL_DATA_API_ID --instance-id YOUR_AURA_INSTANCE_ID --name AUTH_PROVIDER_FRIENDLY_NAME --type api-key | ||
| ---- | ||
|
|
||
| On success, the command will respond with details about the newly created API Key. | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| Make sure to record the API key shown in the response as it will not be displayed again. | ||
| ==== | ||
|
|
||
| == List Authentication Providers | ||
|
|
||
| To see the list of authentication providers for a given GraphQL API use the following, exchanging UPPERCASE values for your own. | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql auth-provider list --data-api-id YOUR_GRAPHQL_DATA_API_ID --instance-id YOUR_AURA_INSTANCE_ID | ||
| ---- | ||
|
|
||
| == Delete an Authentication Provider | ||
|
|
||
| An authentication provider for a GraphQL API can be removed by deleting it. At least one enabled authentication provider is required for a GraphQL API. | ||
|
|
||
| . Find the API authentication provider ID | ||
| + | ||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql auth-provider list --data-api-id YOUR_GRAPHQL_DATA_API_ID --instance-id YOUR_AURA_INSTANCE_ID --output table | ||
| ---- | ||
| + | ||
| . From the table, locate ID for the authentication provider that you wish to delete | ||
| . Delete the API key provider with this aura-cli statement | ||
| + | ||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql auth-provider delete AUTH-PROVIDER-ID --data-api-id YOUR_GRAPHQL_DATA_API_ID --instance-id YOUR_AURA_INSTANCE_ID | ||
| ---- | ||
rsill-neo4j marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
81 changes: 81 additions & 0 deletions
81
modules/ROOT/pages/aura-graphql-data-apis/deploy-and-operate.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| = Deploy and operate | ||
|
|
||
| == Deploy a GraphQL API | ||
|
|
||
|
|
||
| Before you deploy a GraphQL API, complete the steps in xref::/aura-graphql-data-apis/prerequisites.adoc[Prerequisites]. | ||
| Make sure that you have: | ||
|
|
||
| * The ID, username and password for the AuraDB. | ||
| * A file containing the type definitions. | ||
|
|
||
| You are now ready to create the GraphQL API with the Aura CLI. | ||
| Substitute the values in `CAPITALS` to match your setup: | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql create --name YOUR_FRIENDLY_NAME --instance-id YOUR_AURA_INSTANCE_ID --instance-username YOUR_AURA_INSTANCE_USER --instance-password YOUR_AURA_INSTANCE_PASSWORD --type-definitions-file | ||
| FULL_PATH_TO_YOUR_TYPE_DEFS --await | ||
| ---- | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| Make sure to record the API key shown in the response as it will not be displayed again. | ||
| If the API key is lost, a new one can be created by following the steps to create a new API key auth provider in xref::/aura-graphql-data-apis/authentication-providers.adoc[Authentication providers]. | ||
| ==== | ||
|
|
||
| There are other items of note in the response: | ||
|
|
||
| * `id`: unique identifier for the GraphQL API | ||
| * `status`: tells you if the GraphQL API is ready to receive requests | ||
| * `url`: the connection address to access the GraphQL API | ||
|
|
||
| To check if the GraphQL API is ready for requests, use the Aura CLI again, changing `YOUR_AURA_INSTANCE_ID` for the ID of your aura instance. | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql list --instance-id YOUR_AURA_INSTANCE_ID | ||
| ---- | ||
|
|
||
| When the status changes to `ready`, the GraphQL API is available for servicing requests. | ||
|
|
||
| == Modifying an existing GraphQL API | ||
|
|
||
| It is possible to change the configuration of an existing GraphQL API. | ||
| The following properties can be modified: | ||
|
|
||
| * Friendly name of the GraphQL API | ||
| * Username and/or password for the associated Aura instance | ||
| * Type definitions | ||
|
|
||
| To do this, use the Aura CLI update command which requires IDs of the GraphQL API and its linked AuraDB instance. | ||
| The format of this Aura CLI command is as follows: | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql update YOUR_GRAPHQL_API_ID --instance-id YOUR_AURA_INSTANCE_ID <flags> | ||
| ---- | ||
|
|
||
| As the change takes a few moments to apply, check the status of the GraphQL API after performing this operation. | ||
| If the status is `updating` then the change is still being processed. | ||
| When the change is committed, the status will return to `ready`. | ||
|
|
||
| Additionally, it is possible to modify the authentication providers of GraphQL APIs. | ||
| To learn more, see xref::/aura-graphql-data-apis/authentication-providers.adoc[Authentication providers]. | ||
|
|
||
| == Deleting a GraphQL API | ||
|
|
||
| When you no longer require the GraphQL API then delete it by using the Aura CLI delete command. | ||
| This requires the Aura instance ID and the ID of the GraphQL API. | ||
|
|
||
| The format of this command is as follows: | ||
|
|
||
| [source, bash, indent=0] | ||
| ---- | ||
| aura-cli data-api graphql delete YOUR_GRAPHQL_API_ID --instance-id YOUR_AURA_INSTANCE_ID | ||
| ---- | ||
|
|
||
| [CAUTION] | ||
| ==== | ||
| There is no additional confirmation - the GraphQL API will start to be deleted as soon as you execute the command. | ||
| ==== |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| = GraphQL for Neo4j AuraDB Beta | ||
|
|
||
| Welcome to the beta release of GraphQL for Neo4j AuraDB. | ||
|
|
||
| Your feedback and insights help us refine and evolve the product and meet the needs of our users. | ||
|
|
||
| The beta release is designed to give you a first look at GraphQL for Neo4j AuraDB. | ||
| You may encounter suboptimal behavior. | ||
|
|
||
| You can help us get GraphQL for Neo4j AuraDB ready for production: | ||
|
|
||
| - *Dive in*: Explore and test its features. | ||
| - *Test the product limits*: We'd rather discover weak areas at this stage. | ||
| - *Share your experience*: Tell us what works, what doesn't, and what you'd like to see in the future. | ||
| - *Provide feedback*: Use email (`[email protected]`), our `#graphql` channel on our link:https://discord.gg/M8mTADEJ[Discord Community], or our link:https://community.neo4j.com/c/drivers-stacks/graphql/33[forums] to report issues, suggest improvements, or ask questions. | ||
Liam-Doodson marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.