Prisma1: Build mutation callback body + headers
Hello.. I've noticed that 9 times out of 10 my serverless-functions that I call via mutation callbacks are doing the same thing, massaging the data and then sending that to another API, forexample Mailgun or Onesignal or so forth.
If I had the opportunity to build the request being sent via the mutation callback directly I could eliminate almost all of my external servless functions.
kimf
All 11 comments
Hey Kim, that's a great idea. But what do you mean with parameters in this case? Is this about query parameters?
marktani
on 27 Feb 2017
Yeah, I guess, take the json that comes in and just put it another json data structure, I guess this will have to be done on your backend, but maybe you provide a template like:
headers: {聽userId: $a.variable.from.mutation.result}
body: {聽field: $another.variable.from.mutation.result }}
And the variables get replaced with real data before sending the request to the specified callback-url
kimf
on 27 Feb 2017
Additionally, we would need to supply String constants etc as well. For example in the case of Mailgun, we have to define the email subject or the API Key
marktani
on 27 Feb 2017
some additional input specifically for headers. I think a configurable basic auth header similar to Stripe would be a good best practice and starting point for authorizing outgoing webhooks instead of URL query string parameters. But even better would be a JWT that's generated that can include a value from the graphql query (user_id if its a user model mutation) and I can verify it in a custom authorizer in API Gateway and get all the benefits that come with that.
skylinezum
on 1 Mar 2017
Thanks a lot. That's really great input, @skylinezum. We'll release a new way to do this soon! 馃殌
schickling
on 1 Mar 2017
some sort of basic auth would be fantastic!
joeltello
on 3 Mar 2017
some sort of basic auth would be fantastic!
I agree! For reference, currently you can use query parameters to secure a function.
marktani
on 3 Mar 2017
@kimf If GraphQL would evolve to support data transformations such as the unfolding described in https://github.com/facebook/graphql/issues/249 we would be able to handle many cases with a simple GraphQL query. It will be a while for this to find its way to the spec, so we will introduce a more general solution in the not too distant future.
It would be helpful if you could have a look at some of the issues in the GraphQL repo and add your use case where appropriate.
sorenbs
on 3 Mar 2017
Just setting headers at this point I think would be good enough for most cases for me - since most rest api calls require some sort of authorization header
mypark
on 5 Mar 2017
But even better would be a JWT that's generated that can include a value from the graphql query
Well, sure, but I don't even need to get the graphql query: being able to access the Authorization-header of the original request and send that in the new header could do a lot already. That way, the original user/app can be verified on external services. (Sufficient in most cases for me - no need for another JWT.)
kurt-o-sys
on 21 Apr 2017
You can now set headers for webhooks directly in the Console. If you also need to modify the body that's being sent, you can use an inline function that does a POST request to your remote URL.
More information can be found in the function docs
marktani
on 23 Jun 2017
Related issues
schickling
路
3Comments
thomaswright
路
3Comments
Fi1osof
路
3Comments
tbrannam
路
3Comments
marktani
路
3Comments
Most helpful comment
some additional input specifically for headers. I think a configurable basic auth header similar to Stripe would be a good best practice and starting point for authorizing outgoing webhooks instead of URL query string parameters. But even better would be a JWT that's generated that can include a value from the graphql query (user_id if its a user model mutation) and I can verify it in a custom authorizer in API Gateway and get all the benefits that come with that.