As part of the recent MuleSoft Omni Gateway announcement, MuleSoft has enhanced its API Gateway capability to include support for GraphQL and WebSockets. Modern applications no longer communicate the way they did a decade ago. Today’s experiences (AI-powered assistants, collaborative workspaces, live financial dashboards, real-time logistics tracking) are built on two protocols that REST alone simply wasn’t designed to handle: GraphQL and WebSockets.
Omni Gateway Support for GraphQL and WebSockets
GraphQL lets clients request exactly the data they need, eliminating the over-fetching and chatty round trips that plague complex, multi-domain APIs. WebSockets keep connections open, enabling servers to push updates the moment they happen instead of waiting to be asked. Together, they’ve become foundational to how developers build responsive, efficient, and connected applications at scale.
But as these protocols move from the edge of innovation to the center of enterprise architecture, the platforms that govern, secure, and manage APIs need to keep pace. Omni Gateway delivers on enterprise-wide demands for advanced protocol support, AI-specific protocols, LLM management, federation enforcement, and end-to-end governance.
MuleSoft’s Anypoint Platform already has a meaningful head start with GraphQL for teams building Mule applications directly with APIkit for GraphQL scaffolds and schema-driven Mule flows to implement queries and mutations at the application layer. These capabilities have helped organizations move toward more efficient, consumer-driven data access.
Now, with Omni Gateway’s new GraphQL and WebSockets support, we add GraphQL subscriptions, WebSocket transport, and gateway-level policy enforcement for native GraphQL traffic. Real-time data, such as live pricing, AI agent streams, collaborative events, and IoT telemetry, falls entirely outside what APIkit handles. Delivering GraphQL and WebSocket protocols enables access to unified, strongly typed heterogeneous sources/servers.
What we’re releasing
GraphQL and WebSockets protocols are now generally available (GA) on all deployment options of MuleSoft’s Omni Gateway, giving developers and administrators powerful solutions for deploying APIs that expose heterogeneous and homogeneous query-based resources. The release supports all of the standard GraphQL capabilities:
- Queries: Support for fetching data, including features like field selection, arguments, aliases, and fragments
- Mutations: Support for performing write operations and state changes, ensuring transactional integrity
- Introspection: The ability for clients to query the GraphQL schema for metadata
- Directives: Support for standard GraphQL directives (e.g., @skip, @include)
The following WebSockets capabilities are now supported:
- Real-time Subscriptions: The ability to establish a persistent, bi-directional connection over the WebSockets protocol to enable real-time data push for GraphQL subscriptions
- Protocol Compliance: Adherence to common industry specifications (e.g. the graphql-ws protocol) for managing the connection lifecycle (initiation, termination, heartbeat)
- Security Context Propagation: Seamless propagation of the client’s authentication and authorization context from the initial connection handshake to the subscription processing layer
To ensure essential business value and operational completeness, we’ve added 4 key GraphQL policies and a WebSockets policy:
- GraphQL Schema Validation: Validates incoming GraphQL queries against the API GraphQL schema before forwarding them to the upstream service. This policy is critical to ensuring accurate data access and efficient and meaningful developer feedback on Schema violations
- GraphQL Introspection Control: Controls access to the GraphQL introspection system by selectively allowing or blocking __schema, __type, and __typename meta-fields. This policy provides valuable controls around these key query operations
- GraphQL Operation Limits: Enforces structural constraints on incoming GraphQL operations to prevent abuse and resource exhaustion. By leveraging maximum depth, maximum aliases, maximum root fields and maximum directives, administrators can put effective guard rails around GraphQL APIs
- GraphQL Static Query Complexity: Analyzes incoming GraphQL queries against the API schema to statically calculate their complexity and reject expensive operations before they execute
- WebSockets Maximum Connections: Limit the number of simultaneous connections per API
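To make the Operation Limits and Introspection Control checks above concrete, here is an added example (not MuleSoft's code, and not how Omni Gateway implements its policies) that measures depth, aliases, root fields, directives and introspection meta-fields in a query and compares them with limits. The function names, the limit values and the sample query are constructed for illustration; fragment spreads are not expanded.

```python
import re
# Minimal lexer: strings and comments are matched only so they can be dropped,
# which keeps braces inside string literals from being counted as selections.
TOKEN = re.compile(
    r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}():@]')
META_FIELDS = {"__schema", "__type", "__typename"}

def measure(document):
    """Structural metrics of a GraphQL document (fragment spreads not expanded)."""
    toks = [t for t in TOKEN.findall(document) if t[0] not in '"#']
    m = {"depth": 0, "aliases": 0, "root_fields": 0, "directives": 0, "meta": set()}
    depth, parens, in_fragment = 0, 0, False
    for i, t in enumerate(toks):
        prev = toks[i - 1] if i else ""
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t in ("(", ")"):
            parens += 1 if t == "(" else -1
        elif t == "@":
            m["directives"] += 1
        elif parens:
            continue  # argument lists: colons and braces here are not selections
        elif t == "{":
            depth += 1
            m["depth"] = max(m["depth"], depth)
        elif t == "}":
            depth -= 1
            in_fragment = in_fragment and depth > 0
        elif depth == 0:
            in_fragment = in_fragment or t == "fragment"
        elif t[0].isalpha() or t[0] == "_":
            if prev in ("@", "...") or (prev == "on" and toks[i - 2] == "..."):
                continue  # directive name, fragment spread, or type condition
            if nxt == ":":
                m["aliases"] += 1  # in "alias: field" this token is the alias
            else:
                m["meta"] |= {t} & META_FIELDS
                m["root_fields"] += int(depth == 1 and not in_fragment)
    return m

def violations(document, limits, blocked_meta=frozenset()):
    """Reasons a limits/introspection policy would reject the document."""
    m = measure(document)
    over = [f"{k} {m[k]} > {v}" for k, v in limits.items() if m[k] > v]
    return over + [f"blocked meta-field {f}" for f in sorted(m["meta"] & blocked_meta)]

# Constructed sample; the limit values are hypothetical, not product defaults.
SAMPLE = ("query Q($skip: Boolean!) { a: orders(first: 100) { items { product "
          "{ reviews { body } } } } b: orders(first: 100) { id @skip(if: $skip) } "
          "__schema { types { name } } }")
LIMITS = {"depth": 4, "aliases": 1, "root_fields": 5, "directives": 5}
print(violations(SAMPLE, LIMITS, {"__schema", "__type"}))
```

Counting structure this way needs no schema, which is why such limits can run before schema validation or complexity scoring; a static complexity check additionally needs per-field costs from the schema.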
MuleSoft Omni Gateway GraphQL and WebSockets demo
Let’s look at the MuleSoft Omni Gateway GraphQL and WebSockets solution across Anypoint Exchange and API Manager to see how these services and policies work together:
Manage, at scale
GraphQL and WebSocket adoption is accelerating, and so are the operational challenges of managing them at scale. Omni Gateway’s new protocols allow organizations to protect backends from extensive queries and connection exhaustion; unify governance across REST, GraphQL, WebSocket, gRPC, SOAP, MCP, agents, and LLMs; and deploy in minutes with existing MuleSoft infrastructure with no application code changes.
To learn more, review these resources:
- MuleSoft Omni Gateway official announcement
- MuleSoft Omni Gateway demo video
- GraphQL and WebSocket Support demo video




