AIGQLUnify • Architecture patent pending
Your REST · Our Graph
Zero-Trust • AI-Powered • Federation

Easy, cyber-resilient federated data access. Now AI-smarter.

Federate data, auth, and telemetry with runtime PII masking, DSAR, and policy-aware AI prompts. Turn REST → GraphQL instantly and compose Apollo subgraphs—no rewrites, no data copies. Decisions enforced at query time.

AIGQLUnify is an architecture pattern built on the APIGQL control and data plane. Architecture patent pending; SOC 2 readiness and certification are on the roadmap.

Watch 4-min demo See how it works PDP / PEP at runtime Modernize legacy APIs
REST → GraphQL per workspace PDP decisions at field level OTEL spans → Jaeger 
query OrdersForAnalyst {
  orders {
    id
    total
    department
    userEmail   # PII
  }
}
Policy → allow: true · mask: ["userEmail"]
Trace: POST /graphql
  ↳ call: GET /orders_api/orders
  ↳ PDP:  /pdp/decision.v2
  ↳ DSAR: /compliance/:tenant/:workspace/dsar
Exported via OTLP → view in Jaeger

Built for the real world

You’ve heard “GraphQL on your database.” You’ve heard “API gateways.” You’ve heard about Apollo Federation. You’ve heard about security. What you haven’t had is all of it—integrated—without duct tape.

Most vendors optimize for neat worlds and end up with a connector zoo. Real life is messier: dozens of REST services, multiple IdPs, regulated data, and AI projects that must never bypass policy. The main challenge isn’t “give devs GraphQL over tables.” It’s stitching REST-heavy, multi-IdP, policy-constrained estates into a single, zero-trust API fabric.

  • Instant REST → GraphQL without touching your backends
  • Apollo-ready federation and subgraphs on day one
  • ABAC & field-level masking with deny-by-default at query time
  • Policy-aware AI prompts (no accidental data leakage)
  • Full telemetry: traces, metrics, and audit trails out of the box
Build

Gateway today. Subgraph tomorrow. Your call.

Federate fast. Turn REST → GraphQL instantly and compose Apollo subgraphs—no rewrites, no data copies. Generate SDL from OpenAPI, pick fields per operation, and publish a single endpoint or subgraphs.

Explore Build →
Secure

Deny by default. Allow by design.

Policy in the path. ABAC via PDP/PEP with field-level masking, multi-IdP (OIDC/SAML), and runtime decisions enforced at resolve time.

Explore Secure →
Govern

Compliance that ships itself.

DSAR lifecycle (export/delete), immutable audit stamps, schema & policy versioning, and policy-aware AI prompts so LLMs don’t leak PII.

Explore Govern →
Observe

See everything. Miss nothing.

End-to-end OpenTelemetry: traces, metrics, logs—with policy decisions embedded in spans for real auditability and fast root cause.

Explore Observe →
AI

AI that accelerates modeling and stays inside policy in real time.

Reads your OpenAPI, builds a plan, and proposes joins, SDL patches, and GraphQL queries. After helping you model the graph, it can prompt over your live response data — with policy-aware redaction — to summarize, compare, cluster, or explain results. Every suggestion includes a short rationale and a confidence badge so you can accept, tweak, or reject with full context.

Explore AI →
Architecture

Intelligent, secure federated data layer for your APIs, subgraphs, and legacy systems.

See how the control plane, data plane, and federated subgraphs sit between your REST, SOAP, and warehouse backends and your clients. The Architecture view walks through PDP/PEP at runtime, DSAR flows, and how AIGQLUnify wraps legacy services without rewrites or schema breakage.

Explore Architecture →
Endpoints

See the control & data plane URLs.

Quick reference for CP/DP base URLs, health checks, and example GraphQL and compliance endpoints.

Open API endpoints →
Compare

See where AIGQLUnify fits in your stack.

Side-by-side with Apollo, database-centric GraphQL engines (e.g., Hasura), gateways, and Mesh. Understand when to pair vs. replace, and how AIGQLUnify acts as the zero-trust API fabric over them.

Open competitive view →
FAQ

Answer the “but how does it…?”

Short answers to common questions on deployment, IdPs, data residency, and how AIGQLUnify fits with your existing gateways.

Read the FAQ →
Contact

Talk to the team.

Share your estate shape, constraints, and timelines. We’ll map AIGQLUnify to a concrete rollout plan.

Get in touch →
Watch the demo

See AIGQLUnify in action (4 min)

A quick walkthrough of the control plane, data plane, PDP decisions in spans, DSAR flows, and how the AI helpers sit inside the policy path.

Click to watch the AIGQLUnify demo on YouTube.

If the player ever misbehaves, you can always use the direct link: Open the demo in a new tab →

From pain to proof

Why a Federated, Cyber-Resilient SaaS

From pain to proof: five classic failure modes of “glue code.” AIGQLUnify collapses them into a single governed, observable runtime. Try the curl runbooks.

Open the runbooks See Policy Drift → See Version Drift → Common failure modes →
How it works

Control Plane + Data Plane + AI helpers.

The control plane ingests OpenAPI, policy, tenants, and DSAR metadata. The data plane runs a federated GraphQL endpoint with OpenTelemetry traces, PDP trimming, and AI-aware helpers wired into the same policy path.

  1. Step 1 — Bootstrap tenants & workspaces

    Create tenants and workspaces for each environment or customer. Everything in AIGQLUnify is tagged with those IDs — including DSARs, security events, and traces — so you always know who a call belongs to.

  2. Step 2 — Upload OpenAPI and generate the graph

    The control plane parses your OpenAPI YAML, discovers paths and JSON fields, suggests cross-service joins, and generates an Apollo-compatible SDL and execution plan. No resolvers to hand-write.

  3. Step 3 — Wire in PDP decisions

    For each resource, the data plane calls your PDP with subject, action, resource, and context. Obligations decide which fields exist in the query plan, which are masked in the result, and whether AI helpers are allowed to run at all.

  4. Step 4 — Run DSAR and emit security events

    Create DSAR tickets, export or delete subject data, download JSON artefacts, and stream every action as a structured security event into your SIEM — correlated with OpenTelemetry traces.

  5. Step 5 — Let AI help, without skipping policy

    Modeling helpers suggest joins, propose SDL patches, and turn natural language into GraphQL. They only ever see the graph your PDP allows, and they only run when features.ai = true in the obligations.

Ready to ship policy-aware federation?

Turn REST → GraphQL, enforce policy at query time, and see everything with OpenTelemetry.

Talk to the team Watch the demo