Authentication

The External API uses JWT bearer tokens. You exchange a clientId and secret for a JWT, then send the JWT on every subsequent request.

Get a JWT

Run the mutation below — fill in your clientId and secret in the variables, click Run, then Save as JWT to store the token for use by other interactive examples in these docs.

mutation authenticate($input: AuthenticateInput!) {
authenticate(input: $input) {
  authenticationPayload {
    jwt
  }
}
}

Use the JWT

Send the token as a Bearer credential on every request:

POST /graphql
Authorization: Bearer eyJhbGciOi...
Content-Type: application/json

{ "query": "{ ... }" }

The runnable examples elsewhere in these docs read the saved JWT from your browser's localStorage automatically.

Get a JWT​

Use the JWT​

Get a JWT

Use the JWT