GraphQL for a Payments API

Sadique Ali
November 09, 2018

Transcript

  1. GraphQL for a Payments API
    Challenges and Lessons
    Sadique Ali Koothumadan
    @sdqali

  2. GraphQL at Braintree is part of our ongoing platform’s
    digital transformation, which allows us to deliver an
    always improving developer and online consumer
    experience.

  3. https://graphql.braintreepayments.com

  4. [Diagram. Labels: API; REST + JSON, REST + XML, GRPC; Card, Tokenize, ACH (each shown three times); JS SDK, Python SDK, Ruby SDK, Java SDK, Go SDK]

  5. No Absolutisms

  6. Why GraphQL?

  7. • Consumers of our API are tech-savvy
    • Direct Integrations
    • Added benefits for SDKs

  8. • “Choose your payload”
    • Mobile friendly
    • Faster integration
    • Interactive tooling
    • Evolvability

  9. Technology Choices

  10. “GraphQL exists because JavaScript
    people love JSON too much”

  11. ReportEdgeResolverFactory ?

  12. ReportEdgeResolverFactory

  13. • graphql-java
    • java-dataloader
    • graphql-java-tools

  14. Schema files

  15. Along domain boundary?
    • cards
    • tokenize
    • report
    • merchant

  16. util and common are where things go to die.

  17. Along GraphQL concepts?
    • inputs
    • types
    • queries
    • mutations
    • ...

  18. To Relay or Not?

  19. Relay goodies
    • Consistent input structure
    • Connections and pagination
    • IDs and Refetching

  20. IDs in the REST world
    • /transactions/wv3e1js/close
    • /merchants/tw763ex

  21. Global IDs
    • Format
    • Backwards compatibility

  22. Global IDs
    • Opaque url-safe Base64 encoded strings
    • Attach global_ids to legacy responses

  23. Global IDs
    • Certain entities won’t have Global IDs

  24. Query Complexity

  25. Max Complexity
    • Assign complexity factor to entities
    • Instrumentation to enforce limit
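
The two bullets of slide 25, sketched as an added example (not Braintree's code and not the graphql-java API): every entity type carries a complexity factor, and a check that runs before execution rejects any query whose total cost exceeds a limit. The factor values, the limit, the page-size cap and the dict-based query shape are assumptions made for illustration.

```python
# Added illustration: factors, limit and the dict-based query shape are assumptions.
COMPLEXITY_FACTOR = {"Report": 10, "Transaction": 5, "Merchant": 2}
MAX_COMPLEXITY = 1000
MAX_PAGE_SIZE = 100  # assumed server-side page cap; also the cost when `first` is omitted


class QueryTooComplex(Exception):
    """Raised before execution when a query costs more than the limit."""


def complexity(selection):
    """Cost of one selected field plus everything selected beneath it."""
    own = COMPLEXITY_FACTOR.get(selection.get("type"), 1)  # scalars cost 1
    children = sum(complexity(c) for c in selection.get("fields", []))
    multiplier = 1
    if selection.get("list"):
        first = selection.get("first", MAX_PAGE_SIZE)
        if not isinstance(first, int) or first < 1:
            raise ValueError("`first` must be a positive integer")
        # A page of N entities costs N times one entity, so nesting multiplies.
        multiplier = min(first, MAX_PAGE_SIZE)
    return multiplier * (own + children)


def enforce_limit(query, limit=MAX_COMPLEXITY):
    """Return the query's total cost, or reject it if it exceeds the limit."""
    total = sum(complexity(field) for field in query)
    if total > limit:
        raise QueryTooComplex(f"complexity {total} exceeds limit {limit}")
    return total


# Constructed sample queries, already parsed into selection trees.
SCALAR = {}
SMALL_QUERY = [{"type": "Merchant", "fields": [
    {"type": "Transaction", "list": True, "first": 10, "fields": [SCALAR, SCALAR]},
]}]
NESTED_QUERY = [{"type": "Merchant", "fields": [
    {"type": "Transaction", "list": True, "first": 100, "fields": [
        {"type": "Merchant", "fields": [
            {"type": "Transaction", "list": True, "first": 100, "fields": [SCALAR]},
        ]},
    ]},
]}]

if __name__ == "__main__":
    print(enforce_limit(SMALL_QUERY))  # 72
    try:
        enforce_limit(NESTED_QUERY)
    except QueryTooComplex as exc:
        print("rejected:", exc)
```

The nested sample asks for only two levels of 100 transactions, yet costs 60702, which is why the limit has to be checked on the whole tree rather than per field.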

  26. API Visibility

  27. Control what consumer can see what
    • Server side consumers
    • Client side consumers
    • Admin panel
    • ...

  28. Visibility Instrumentation
    • Detect consumer
    • Reject if invisible

  29. Authorization

  30. REST
    @NeedToBe(ADMIN)
    /admin-endpoint
    adminEndpoint() {
      // ...
    }

  31. GraphQL
    type Query {
      panelData: PanelData
    }
    type PanelData {
      transactions: [Transaction] # Merchant portal
      failures: [Transaction] # Admin panel
    }

  32. Design for Partial Success

  33–36. [Diagram, repeated on four consecutive slides. Labels: GraphQL; API; REST + JSON, REST + XML, GRPC; Card, Tokenize, ACH (each shown three times)]

  37. Partial successes
    • Be comfortable serving nulls
    • Collect all the errors

  38. Error handling

  39. REST
    {
      "error": {
        "user_message": "...",
        "developer_message": "...",
        "details": [{
          "code": "...",
          "in": "header",
          "at": "authorization"
        }]
      }
    }

  40. • Represent multiple errors
    • Support legacy error codes

  41. {
      "errors": [{
        "message": "No report exists because there are no transactions on that date.",
        "locations": [{
          "line": 3,
          "column": 5
        }],
        "path": [
          "report",
          "transactions"
        ],
        "extensions": {
          "errorType": "user_error",
          "errorClass": "NOT_FOUND"
        }
      }]
    }
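
Slides 31, 37 and 41 together, as an added example (not Braintree's code and not the graphql-java API): authorization is decided per field of `PanelData` rather than per endpoint, a denied or failed field is served as null, and every error is collected with a `path` and `extensions` in the shape slide 41 shows. The role names, the `FORBIDDEN` and `INTERNAL` error classes, the `internal_error` type and all function names are assumptions; the data is constructed.

```python
# Added illustration: roles, error classes beyond the page's, and all names are assumptions.
FIELD_ROLES = {  # PanelData field -> consumer roles allowed to read it
    "transactions": {"MERCHANT", "ADMIN"},  # Merchant portal
    "failures": {"ADMIN"},                  # Admin panel
}


def resolve_transactions(ctx):
    return [{"id": "txn_1", "status": "SETTLED"}]  # constructed data


def resolve_failures(ctx):
    if ctx.get("reports_down"):  # simulated backend outage
        raise RuntimeError("db host reports-07 timed out")
    return [{"id": "txn_2", "status": "FAILED"}]  # constructed data


RESOLVERS = {"transactions": resolve_transactions, "failures": resolve_failures}


def make_error(message, field, error_type, error_class):
    return {"message": message, "path": ["panelData", field],
            "extensions": {"errorType": error_type, "errorClass": error_class}}


def execute_panel_data(requested_fields, ctx):
    """Resolve each field on its own: a denied or failed field becomes null."""
    data, errors = {}, []
    for field in requested_fields:
        data[field] = None
        # Deny by default: a field with no FIELD_ROLES entry is readable by nobody.
        if ctx["role"] not in FIELD_ROLES.get(field, set()):
            errors.append(make_error("Not authorized to read this field.",
                                     field, "user_error", "FORBIDDEN"))
            continue
        try:
            data[field] = RESOLVERS[field](ctx)
        except Exception:
            # Keep internal details (host names, stack traces) out of the response.
            errors.append(make_error("The field could not be loaded.",
                                     field, "internal_error", "INTERNAL"))
    response = {"data": {"panelData": data}}
    if errors:
        response["errors"] = errors
    return response
```

A merchant-portal consumer that requests both fields still receives its transactions, with `failures` null and one error whose path is `["panelData", "failures"]`.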

  42. Team workflow

  43. • Multiple products contributing to the schema
    • Custodians of the schema need to play a balancing act

  44. • Collaboration
    • Always propose schema changes first

  45. Focus on the Schema
