Skip to main content


Typegate version

This is the easiest way to get started, yet it's not publicly accessible. Signing up for the private beta will be available soon.

Using Docker

Install Docker and use the following compose.yml to launch a typegate node. For multi-instance production workloads, Redis and an S3 object store provider are required but the typegate will run using in-memory stores if no SYNC_* environment variable is detected. More details can be found here. In practice you might also want to add a database or other systems that the typegate can connect to.

- "7890:7890"
- "host.docker.internal:host-gateway"
# only for dev, generate secure values for production
TG_SECRET: "a4lNi0PbEItlFZbus1oeH/+wyIxi9uH6TpL8AIqIaMBNvp7SESmuUBbfUwC0prxhGhZqHw8vMDYZAGMhSZ4fLw=="
DEBUG: "true"
# launch the containers
docker compose up --detach

# watch the typegate logs
docker compose logs typegate --follow

Internal APIs

Most of the internal APIs are still unstable, and may change without notice. If you still want to experiment with them, you can use the GraphQL introspection to discover them.

  • /typegate
  • /prisma-migration

The typegate nodes - or typegates - are the central components of the ecosystems. They build and type check typegraphs, and expose them through a HTTP/GraphQL interface. They enforce the type safety of the data flows, connect to all the runtimes and orchestrate the execution of incoming requests.

Request lifecycle

When a new request fires a trigger, the typegate orchestrates the following stages:

  1. extract the secure request context from custom authentication or JSON Web Token (JWT)
  2. retrieve cached execution plan or compute a new one
    • traverse the typegraph to create a DAG of the required types
    • optimize the DAG to reduce the number of calls to the runtimes
    • pre-compute all structural elements and data resolutions
  3. execute the plan
    • type check the arguments
    • verify lazily policies on the need
    • run the DAG execution
    • enforce the rate-limiting
    • type check the response
  4. manage metadata of the request

HTTP/GraphQL interface

For now, the typegate nodes are only accessible through HTTP/1.1 and HTTP/2. More protocols could be supported in the future. Typegates expose a GraphQL interface which is the result of a typegraph projected onto corresponding GraphQL types. While this reduces the type safety of the data flowing, it makes more interoperable thanks to the many high-quality and well-known GraphQL tooling already available. The underlying types are also exposed in order for API clients to verify the underlying types.

GraphQL, being a query language, offers a great asset for Metatype's philosophy:

  1. Efficient querying: the client can specify exactly what data it needs, reducing the amount of over- or under-fetching
  2. Flexibility: allows for retrieving multiple resources in a single request, unlike REST, which often requires multiple ones
  3. Typing: GraphQL has a built-in type system that allows for better documentation and stronger validation of the requests
  4. Improved tooling: tools and libraries around GraphQL are rapidly growing and great a development experience


Environment variables.

The following environment variables can be used to configure the typegate. SYNC_* variables have special semantics which you can read about here.

Environment variablesDescDefault
HOSTNAMEHostname that typegate is deployed on.getHostname() result.
TG_PORTTcp port to serve typegate APIs at.7890
TG_ADMIN_PASSWORDPassword use by the CLI/SDK to configure the typegate.Required
TG_SECRETSymmetric key used to encrypt cookies and other things.Required.
TMP_DIRTop-level temporary directory.$PWD/tmp
DEBUGEnable debug output and other development paths.false
TIMER_MAX_TIMEOUT_MSTimeout for custom runtime functions and other proccesses.3000
TIMER_POLICY_EVAL_RETRIESNumber of retries when evaluating policies that have timed out1
TIMER_DESTROY_RESOURCESForce abort and attempt to restart operations that did not respond after multiple retriestrue
JWT_MAX_DURATION_SECThe lifetime of generated JWT access tokens.30 * 24 * 3600
JWT_REFRESH_DURATION_SECThe lifetime of generated JWT refresh tokens.5 * 60
TRUST_PROXYWhether to accept proxy headers when resolving request contexts.false
TRUST_HEADER_IPThe header key on which to resolve request origin addresses.X-Forwarded-For
DENO_V8_FLAGSFlags for tuning the v8 javascript engine. Use the --help flag here to see what options are available.
SYNC_REDIS_URLURL to the Redis database. Must include the database number.
SYNC_REDIS_PASSWORDRedis database password, can be included in SYNC_REDIS_URL.
SYNC_S3_HOSTHostname of the S3 store.
SYNC_S3_REGIONS3 region.
SYNC_S3_ACCESS_KEYAccess key for the S3 store credentials.
SYNC_S3_SECRET_KEYAccess key secret for the S3 store credentials.
SYNC_S3_PATH_STYLEtrue or false, force path style if true.
SYNC_S3_BUCKETThe bucket to be used for the system (dedicated).