When stripping a platform like Betty Blocks down to its bare bones, it's mostly a constant stream of sending and receiving data. Although we've been doing this for years through our trustworthy REST API, we decided to renew our techniques and work on a new method, setting us up for years to come.
In this release, we deployed a new data API for read operations used in the platform, using GraphQL technology.
GraphQL
Without getting too deep into the technical specs, GraphQL is an open-source data query and manipulation language for APIs, and a runtime for fulfilling queries with existing data. While this will eventually be used for every request, for now it can be used to read data.
Availability: Not all applications can use this right off the bat. Only applications on our newer clusters, where the Page Builder is available, can use the GraphQL API.
Page Builder components: Speaking of the Page Builder, we're also going to use the API for data components. E.g. the default data table. When using this component, its data is directly fetched through an API request instead of through variables on your page. More on that later.
Behavioral permissions: Not everybody should be able to see all the data, same as how our current API works. We'll support these restrictions the same way through role permissions, and expand this in the future through additional settings. Again, for now, this is only used for read operations.
Authentication profiles: One of these settings is the inclusion of Authentication profiles. Already available on Pages and Endpoints, Authentication profiles can also be used on model permissions now.
Default role: As the Page Builder components use this new API, we had to add a default (public) role to each application's model permissions. Otherwise we couldn't guarantee safe usage of the API. This default role is used only for the GraphQL API to return data on unauthenticated requests.
