# GraphQL

As **FastAPI** is based on the **ASGI** standard, it's very easy to integrate any **GraphQL** library also compatible with ASGI.

You can combine normal FastAPI *path operations* with GraphQL on the same application.

/// tip

**GraphQL** solves some very specific use cases.

It has **advantages** and **disadvantages** when compared to common **web APIs**.

            ASN1TaggedObject mechToken = ASN1Util.as(ASN1TaggedObject.class, stream.readObject());
            if ( mechToken == null || mechToken.getTagClass() != BERTags.APPLICATION ||
                    !(mechToken.getBaseObject() instanceof ASN1Sequence) )
                throw new PACDecodingException("Malformed kerberos token");

N§MetaSys ¼x-minio-internal-inline-dataÄ true§MetaUsr‚¬content-type¸application/octet-stream¤etagÙ 9fe7a344ef4227d3e537¡vÎeçnÐÄ$•Ä sÉöQð#Ef° ÌS Û|âÓ ¹ôb Îf­Ä ñ.È´ Å Mƒ¤Type ¥V2ObjÞ ¢IDÄ sÉöQð#Ef° ÌS Û|â¤DDirÄ #" ‘³sF"¥ URÄ,C ¦EcAlgo £EcM £EcN §EcBSizeÒ §EcIndex ¦EcDist” ¨CSumAlgo ¨PartNums‘ ©PartETagsÀ©PartSizes‘Ñ äªPartASizes‘Ñ ä¤SizeÑ ä¥MTimeÓ ¹ôb Îf­§MetaSys ¼x-minio-internal-inline-dataÄ true§MetaUsr‚¬content-type¸application/octet-stream¤etagÙ 9fe7a344ef4227d3e537¡vÎeçnÐÎÍ 0Ø ‚Ù$73c9f651-f02...

                "get": {
                    "responses": {
                        "200": {
                            "description": "Successful Response",
                            "content": {"application/json": {"schema": {}}},
                        }
                    },
                    "summary": "Read Current User",
                    "operationId": "read_current_user_users_me_get",

			Sensitive:   true,
			Type:        "string",
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,
			Description: `Set the IAM access policies applicable to this client application and IDP e.g. "app-bucket-write,app-bucket-list"` + defaultHelpPostfix(RolePolicy),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         ClaimName,

                        Curl.post(url).header("Authorization", "Bearer " + user.getAuthenticationResult().getAccessToken())
                                .header("Accept", "application/json").header("Content-type", "application/json")
                                .body("{\"securityEnabledOnly\":false}").execute()) {
                    final Map<String, Object> contentMap = response.getContent(OpenSearchCurl.jsonParser());

## Use `CORSMiddleware`

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.
* Create a list of allowed origins (as strings).
* Add it as a "middleware" to your **FastAPI** application.

You can also specify whether your backend allows:

* Credentials (Authorization headers, Cookies, etc).

func (a *Args) Validate() error {
	req, err := http.NewRequest(http.MethodPost, a.URL.String(), bytes.NewReader([]byte("")))
	if err != nil {
		return err
	}

	req.Header.Set("Content-Type", "application/json")
	if a.AuthToken != "" {
		req.Header.Set("Authorization", a.AuthToken)
	}

	client := &http.Client{Transport: a.Transport}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}

        def fetch_credentials():
            # HTTP headers are case insensitive filter out
            # all duplicate headers and pick one.
            headers = {}
            headers['content-type'] = 'application/x-www-form-urlencoded'
            headers['authorization'] = urllib3.make_headers(
                basic_auth='%s:%s' % (self.cid, self.csec))['authorization']

            response = self._http.urlopen('POST', self.idp_ep,

Você pode declarar vários parâmetros `File` e `Form` em uma *operação de caminho*, mas não é possível declarar campos `Body` para receber como JSON, pois a requisição terá o corpo codificado usando `multipart/form-data` ao invés de `application/json`.

Isso não é uma limitação do **FastAPI** , é parte do protocolo HTTP.

///

## Recapitulando