With the release of Rubrik Security Cloud (RSC), our global customers can now consolidate management of their Rubrik estate to a single control plane. This significant improvement in management capabilities also allows customers to leverage the power of RSC’s GraphQL (GQL) APIs for their automation and management needs.
Why is Rubrik moving from REST to GQL?
GQL is Rubrik’s API infrastructure of choice because it is better at addressing the scalability and performance requirements for RSC.
REST APIs are common in many of today's applications due to their inherent simplicity in use — you have one endpoint that does one task. In other words, if you have X endpoint, it provides X data. However, if you only need specific information from a specific endpoint, you are unable to limit what the REST API returns; a complete data set is always returned. This phenomenon is referred to as “over-fetching.”
GQL, on the other hand, solves the over-fetching problem as it is designed to request exactly what you need, from multiple objects, down to specific fields within each entity. This level of granularity is what makes GQL extremely powerful because you are able to fetch only the data that you require, therefore limiting the amount of processing required. These savings really start to add up when performing operations at scale. At Rubrik, we have observed improvements when returning large amounts of data via a query. Additionally, because RSC provides a centralized managed environment for your entire Rubrik footprint, there is no need to run the same API commands against each individual CDM cluster to get all the data you're looking for.
If I currently use CDM REST APIs when should I start using GQL?
GQL is the next evolution for Rubrik APIs and will enable customers to get greater granularity and increased performance when interacting with the platform. To take advantage of these increased capabilities we recommended customers begin to use the GQL APIs and the power they provide immediately.
If I have REST-based scripts is there a tool to migrate my scripts to use GQL?
As each script is specific to its unique environment, there is no single tool available to translate REST-based scripts into GQL. Rubrik is looking for ways to make this transition as easy as possible. Until an option is available, we have created several resources which you can use for education, as well as examples of GQL APIs to begin the transition of your current scripts.
Examples:
The following resources are also available to assist on your journey from migrating from REST to GQL:
Rubrik YouTube Channel - GQL APIs
API and Integration - Primary API and Integration website
An Introduction to GQL - Overview of Rubrik’s GQL
GitHub - Rubrik Github site for SDKs, Sample code for download
GQL API Documentation - Rubrik GQL documentation, Usage information, Use Cases
GQL Schema - The GQL Schema for Rubrik Security Cloud
GQL vs REST: What You Need to Know - Overview of GQL vs Rest
Are there SDKs available to help me to start to use GQL APIs for automation?
Yes, there are currently SDKs for Python and GO containing automation workflows that abstract away the need to understand GQL. Additionally, Rubrik will introduce an SDK for Powershell in the near future. The SDKs will mature and functionally will be added as new features and workflows are released.
PowerShell - Coming in the future
Python - https://github.com/rubrikinc/rubrik-polaris-sdk-for-python
Go - https://github.com/rubrikinc/rubrik-polaris-sdk-for-go
Is there an API Playground for RSC similar to CDM where I can see and test the GQL APIs?
At this time there is not an API Playground similar to the one available in CDM. We do have a standalone GQL Playground utility which is available via GitHub or you can download and install plugins like the Rubrik API Code Capture (https://youtu.be/Bsp3nZDh358) or Apollo Client Chrome browser plugins.
These plugins simplify the GQL journey by displaying the underlying queries and mutations as you click through various portions of the Rubrik Security Cloud interface. In the future, we also plan to add an embedded GQL playground directly into the RSC interface which would allow customers to easily run and test API calls against their RSC environment. Additionally, you can browse the entire Rubrik Security Cloud GQL Schema at GQL Schema.
I have 3rd party automation tools what do I need to do with those?
Depending on the tools there are a few answers.
In the future, fully supported tools (such as ServiceNow, vRA) will be updated by Rubrik to support RSC.
Third-party tools–such as Exabeam or others–that only do read operations will need to be updated to authenticate via service accounts/authorization tokens and may potentially need to be modified to use GQL for RSC.
Third-party plugins that perform more intensive write operations will need to be rewritten to use GQL as well as authenticate via service account/authorization tokens.
Can I use my normal UserID/Password or SSO login to use the GQL APIs or SDKs?
Rubrik has recently introduced Mandatory TOTP Multi-Factor Authentication (MFA), please refer to the FAQ: Mandatory TOTP Multi-Factor Authentication (MFA) for additional information.
Why is Rubrik mandating MFA? Rubrik’s primary goal is to provide the most secure solution for data protection for our customers. That said, securing the platform is a joint responsibility between Rubrik and you the customer. Many of the protections are always on and do not need customer involvement, but other options require the customer to enable, configure, and deploy a feature. With the continued rise in the sophistication and velocity of attacks, we have decided that the use of MFA can no longer be optional and should be considered a “must-have” protection.
How can I get assistance with moving from REST to GQL?
There are a number of avenues to obtain assistance for gaining knowledge on GQL and migrating scripts to GQL. You can start with the Rubrik API site which offers information on GQL APIs, documentation, videos, and a wealth of additional material. You can also ask questions to our SMEs, Support Engineers, and other customers via the Rubrik Support Forum.
Finally, for a guided transition from CDM to RSC APIs and Integrations, please contact your account manager to schedule a meeting with Rubrik Professional Services.
Note: Rubrik Support does not provide development or troubleshooting assistance for scripting projects. Rubrik’s API scope of support is limited to troubleshooting and validating the functionality of individual APIs only.
For additional information please refer to the following resources or contact Rubrik Support if you need assistance.
Rubrik YouTube Channel - GQL APIs
API and Integration - Primary API and Integration website
An Introduction to GQL - Overview of Rubrik’s GQL
GitHub - Rubrik Github site for SDKs, Sample code for download
GQL API Documentation - Rubrik GQL documentation, Usage information, Use Cases
GQL Schema - The GQL Schema for Rubrik Security Cloud
GQL vs REST: What You Need to Know - Overview of GQL vs Rest
Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.