Cloud Login Install

3. Mutations

Now that we have attached datasources to our Query in the schema let’s try to do the same for Mutation.

1. Update Schema

type Mutation {
  addReview(text: String, userId: String): Review
  deletReview(reviewId: String): String

We’ll update the Mutatation type as above where we’ll add two operations

  • addReview: Which accepts two arguments (i.e text and userId) and adds a new review by making a POST request to http://localhost:4001/reviews endpoint, which expects something like the following in the request payload
    "id": "1", // UserId of the user posting review 
    "text": "New Review by John Doe11" // review text
  • deleteReview: Which accepts one argument (i.e reviewId), that deletes a review by making a DELETE request to http://localhost:4001/reviews/:reviewId

2. Configure datasource.

Follow these steps to configure a data source for the Mutation.

  • Navigate to schema tab in the api where you would see the split screen view of schema editor on left and list of configurable fields on right
  • Select addReview field from Mutation type
  • Select REST option
  • Set a unique datasource name
  • Set the URL as http://localhost:4001/reviews
  • Select method type as POST
  • Set request body to relay the graphql arguments to our upstream payload as follows:
  "text": "{{.arguments.text}}",
  "userId": "{{.arguments.userId}}"
  • Update the API

3. Execute mutation operation

We can now test our mutation operation with the playground in API designer using the following operation

mutation AddReview {
  addReview(text: "review using udg", userId:"1"){

That should return us the following response:

  "data": {
    "addReview": {
      "id": "e201e6f3-b582-4772-b95a-d25199b4ab82",
      "text": "review using udg"


Configure a datasource to delete a review using review id.


- For users field on type Review
- - Description :: delete review using reviewId
- - URL :: http://localhost:4001/reviews/:reviewId
- - Method :: DELETE

- Enable field mapping to map your API response 


You can find the solution for the challenge in the above video.

Now that we have a good idea how we could do CRUD operations with UDG APIs, let’s see how we can secure them using policies

This documentation is open source. Please improve it by filing issues or pull requests.