rover
rover copied to clipboard
Custom introspection headers for supergraph compose
Description
The subgraphs we're working on are protected using an API key, which they read from an X-Api-Key
header. Since this header is required for introspection requests as well, we can't currently use the supergraph compose
command with our setup.
It would be awesome to be able to include custom headers with this command, similar to the graph introspect --header {header}
command.
Since different subgraphs might require different headers (or no headers at all if they use a local schema), I think it would be handy to define the headers in the supergraph.yaml
configuration. Maybe something like this?
subgraphs:
posts:
routing_url: https://example.com/graphql
schema:
subgraph_url: https://example.com/graphql
subgraph_headers:
- X-Api-Key: 123abc
# Or maybe key-value if you want to avoid messy key names.
- key: X-Api-Key
value: 123abc
Hi @thijsdaniels! Thanks for the report. We need to think of a good way to add this to supergraph compose
, but this will definitely be something we'd like to support. I am not opposed to your initial suggestion of - X-Api-Key: 123abc
. That seems like it'd serve us well.
Hi @lrlna, that's great news! If there's anything I can do to help just give me a shout :)
Just bumped with the same issue @thijsdaniels mentioned initially: API key protected APIs. Is there any workaround until the header options is supported?
Thanks
@gfviegas You could download each of the subgraph's schemas using the introspect
command, which does support the --header
option, and then use the subgraph compose
command on those downloaded schemas. I haven't tested this, but as far as I can tell it should work just fine.
@thijsdaniels' suggestion should indeed work (thanks for offering that up!) though I agree there's an evolution of the configuration format that could offer this as well. I'd suggest going with the rover subgraph introspect http://endpoint --header
option for now though, as it'd be some time before we had this ready.
@thijsdaniels could you please elaborate on that solution? from what I can see in 0.3.0, rover does not have a subgraph compose
command.
I also have this problem, would love to see a solution to this.
It would also be helpful to be able to use headers on the root subgraphs. Something like:
subgraphs:
posts:
routing_url: https://example.com/graphql
routing_headers:
- X-Api-Key: 123456
The use-case here is that I have a Federated endpoint in front of Private API subgraphs in AWS and the way I'm accessing them is via a header specifying an api gateway id for my VPN Endpoint.
We've also just stuck at this. The workaround is to manually fetch the schemas using introspect
(it supports headers) and then use schema: ./file.graphql
instead of subgraph_url: https://example.com/graphql
. It's not ideal, though.
@lrlna Is there any progress with this? This would be really helpful
I added a version of this over in #1574 (just for introspection, not in routing). It'll be a little bit as there's an upstream breaking change required to make it happen, but please leave comments if you think it should behave differently.
Basically, you can do this now:
subgraphs:
people:
routing_url: https://example.com/people
schema:
subgraph_url: https://example.com/people
introspection_headers: # Optional headers to include in introspection request
Accept: application/json # You can hard code values
Authorization: ${env.PEOPLE_AUTH_TOKEN} # Or use environment variables