How to Build Secure Multi-Tenant GraphQL API on Top of Memgraph
In the recent Memgraph community call, we had the privilege of hosting Steeve Bete from Orbit. Steeve shared valuable insights on how to build a secure, multi-tenant GraphQL API on top of Memgraph.
This blog post aims to highlight the key takeaways from Steeve’s presentation. However, we encourage you to dive deeper by watching the full community call recording.
Talking point 1: Why Memgraph?
Steeve opened the call with an overview of Orbit, a fully fledged community platform. Orbit is designed to support organizations in building, managing, and measuring their community’s impact and engagement. The team at Orbit needed to navigate and analyze complex community data, which led them to graph databases, and to Memgraph in particular.
Orbit decided to go with Memgraph because of its ease of installation, ease of use, lightning speed, and user-friendly Memgraph Lab to visualize the overall schema of Orbit’s database.
Talking point 2: Building a GraphQL API on Memgraph
The core of Steeve’s presentation revolved around creating a GraphQL API to interact with the community graph. The API was designed to enable secure and efficient data access. Steeve uses Apollo Server and Neo4j GraphQL to bridge the gap between GraphQL queries and Cypher, Memgraph’s query language.
Follow Steeve as he explains the process with code snippets—from server setup to schema definition and resolver implementation.
Talking point 3: Overcoming Security Challenges
A significant portion of the community call was dedicated to the security implications of exposing data through an API. Steeve shared Orbit’s approach to API security, focusing on authentication, authorization, and data isolation strategies. Orbit authenticates requests with JSON Web Tokens (JWT) and applies GraphQL directives to enforce authorization. With this setup, Orbit prevents unauthorized access and keeps each tenant’s data private in a multi-tenant environment.
Q&A
1. Was it challenging to integrate Memgraph with Neo4j GraphQL?
- Steeve: The initial setup required some adjustments, but recent Memgraph updates have greatly simplified the process, allowing for seamless integration.
2. Any tips for using Memgraph with GraphQL?
- Steeve: Emphasize schema design, use the Apollo dashboard for query optimization and Memgraph for performance tuning.
3. How large is the database, and how does performance scale?
- Steeve: Orbit’s Memgraph database contains around 1 million nodes and 4 million edges. And that’s a great example of how Memgraph can quickly scale and process large amounts of data.
4. Features missing from Memgraph that would be beneficial?
- Steeve: Memgraph meets our needs in Orbit. However, if we were to improve it even further, I’d say enhancements around migration tools and further development of Memgraph Lab features.
Conclusion
Steeve’s presentation offers a deep dive into using Memgraph and GraphQL for building sophisticated, secure community platforms. His discussion of schema design, security best practices, and the practical application of these technologies shows how our community builds with Memgraph.
We encourage you to watch the full Memgraph community call recording to see Steeve’s presentation, explore code snippets and check out the examples shared.
For those interested in building with Memgraph and GraphQL, check out our GraphQL Quick Start Guide to get started!
Additionally, check out this GitHub repository, which showcases how Orbit ensures seamless migrations with Memgraph.