Contracts Overview
Deliver different subsets of your supergraph to different consumers
A unified supergraph provides a single source of truth for your organization's data. That data likely has different consumers with different needs and permissions. GraphOS contracts enable you to deliver different subsets of your supergraph to different consumers.
Each contract can include different fields and types from each subgraph.
Benefits of contracts
Contracts offer these benefits:
Selective data access: Supergraphs often contain a wide range of data, including information that's irrelevant to specific audiences. Contracts declaratively grant access to specific subsets of the supergraph, so graph consumers only access relevant data.
Data security and privacy: Contracts bolster data security and privacy by enabling the exclusion of confidential data from certain consumers. This ensures that only authorized parties can access sensitive data.
Documentation and guidance: Contracts provide documentation to client developers. Contract-specific documentation helps developers better understand and more easily interact with the data they are authorized to access.
How contracts work
Each contract filters specific portions of your supergraph's schema into a different GraphOS variant:
Contracts are created by adding @tag
directives to your subgraph schemas. @tag
s declare which types and fields to include or exclude from specific contract variants.
1type Product {
2 id: ID!
3 name: String!
4 codename: String! @tag(name: "internal")
5}
1type Product {
2 id: ID!
3 name: String!
4 # codename field is filtered out of this contract variant
5}
In the above example, a contract excludes types and fields marked with the internal
@tag
. The resulting contract schema defines a tailored GraphQL API for external audiences.
How to use contracts
You usually create a contract to support a contract router, contract documentation, or both.
Contract routers
You can deploy a managed instance of your graph router that uses a contract schema. Clients that use a contract router's endpoint can only execute GraphQL operations that the contract schema supports:
This enables you to hide experimental types and fields still in development or limit a particular audience's access to only the portions of the graph they need.
Contract routers can safely connect to the same subgraph instances as any other router because their clients can only interact with data represented in the contract schema. This does not affect internal routing. For example, filtered fields can still be used in a @requires
selection set.
@tag
in a source variant's supergraph schema is also present in a contract variant's supergraph schema.Contract documentation
In GraphOS Studio, each contract variant has its own README, schema reference, and Explorer. If you make a contract variant public, you can provide these resources to external client developers to help them interact with a specific portion of your graph while omitting irrelevant types and fields.
Federation 1 limitations
Contracts behave slightly differently depending on which version of Apollo Federation your graph uses—either Federation 1 or Federation 2. Most importantly, graphs that use Federation 1 cannot use @tag
s to exclude the following from a contract schema:
Custom scalar types (default scalar types can never be excluded in Federation 1)
Enum types or their values
Input types or their fields
Arguments of object fields or interface fields
Contracts and Federation 2
To create a contract variant that uses Federation 2, the contract's source variant must also use Federation 2. Learn how to move an existing variant to Federation 2.
Moving an existing contract to Federation 2
If a Federation 1 source variant already has one or more associated contracts, it isn't possible to move that variant or its contract variants to Federation 2. Instead, you need to delete and recreate your contract variants with the following steps:
Click to expand
- Identify the source variant you want to move to Federation 2.
- Save the details for each of that source variant's existing contract variants, most importantly each variant's associated filters.
- Delete all the source variant's existing contract variants.
- Now that the source variant has no associated contracts, you can configure it to use Federation 2 composition. Learn how.
- Recreate your deleted contract variants, which will now use Federation 2 composition like the modified source variant.
Related resources
- If you're an enterprise customer looking for more material on this topic, take the Enterprise best practices: Contracts course on Odyssey.
- Learn about contract usage patterns.