Skip to content

Snippets for securing, transforming, and optimizing GraphQL APIs.


Notifications You must be signed in to change notification settings


Repository files navigation


StepZen Snippets

Welcome! StepZen is a unique and declarative way to build & run any-sized Graph in minutes.

Table of Contents
  1. About The Project
  2. `@transforms`
  3. `@sequence`
  4. protection
  5. `@rest` calls and responses

About the project

This repo contains .graphql (and in some case, config.yaml files) for various "self-contained" example code for doing operations in StepZen.

Getting Started

Install the StepZen command line interface.

To run these examples,

  • git clone this repo
  • Change to the right working directory.
  • run stepzen start


For more on what transforms is and how it operates within the custom @rest directive, see our documentation.

These are available in /transforms:

  • /filter shows how the response of a REST API can be filtered
  • /combineintostring shows how a new field in the return type can be created by concatenating some other fields (like address parts into one address)
  • /jsonobjectToJsonarray shows how an array of data (say coords) can be converted into an object, {"lat":, "lon",..} so that it can be fed into some other system that requires data to be expressed that way
  • /jsonobjectToJsonarray shows how an object (typically where each key is an id of a record) can be converted into an array (e.g., {"1":{"name": "john"}, "2": "jane"} can be converted to [{"id":"1", "name": "john"}, {"id":"2", name: "jane"}]), so that it can then behave well for GraphQL processing.


View the StepZen documentation on the custom directive @sequence.

These are available in /sequence:

  • /arguments shows how query arguments get passed down a sequence
  • /forLoops shows how sequence acts as a nested for loop
  • /transformsInMaterializer shows how connecting two subgraphs can invoke transformations in between. For example, the city of a customer can be fed into a weather that takes lat,lon by calling some geocoding in the sequence
  • /useOfJSON shows how, in long sequences, a new type does not have to created for every step--treat everything as JSON up to the last step, and your type system stays clean.


View the documentation for the @dbquery custom directive in the documentation.

Uses a database filled with mock data.

  • /pagination shows how to implement connection model pagination for a database.


For more information on protecting your API, see our documentation.

In /protection, you will find several subdirectories. Each contains a .graphql file, and index.graphql file and a config.yaml settings (which enables you to get extremely granular (or coarse) with protecting who can call what query/mutation).

  • /makeAllPublic shows how you can easily make all queries public.
  • /makeSomePublic shows how you can make some public, and some private (which can still be accessed using your admin or service keys)

@rest calls and responses

Where possible, we use as our REST endpoint, since it allows us to mimic lots of REST capabilities.

  • /restWithParameters shows how GraphQL query arguments are automatically added to the REST call--there is nothing for you to do!
  • /restWithConfigYaml shows how REST query parameters can also be fetched from config.yaml--this allows you to keep your SDL code separate from your secrets.
  • /postbody shows how a POST body can be automatically filled with query arguments when the Content-Type:application/x-www-form-urlencoded. This is the easiest way to send postbodies down the REST API
  • /morecomplexpost shows how a POST body can be filled with query arguments using {{.Get \"name-of-query-argument\"}} when the Content-Type:application/x-www-form-urlencoded.

union types

Union types are valuable when you have a field that can return one of several types.

  • /errorsAsData shows how to implement the "errors as data" pattern. This is useful when you want to return a field that can return either a value or an error.