Logging into the API to access data
Just like in the client application, the GraphQL API requires users to log in before they can see and modify their own data. Being "logged in" through the API means including a header that contains a special token in every request. This token is created when a user initially logs in through the API using a mutation.
The API supports any language or module that is able to make HTTP POST requests.
The format for the authorization header needs to be {"Authorization": "Bearer <jwt>"}
The login mutation returns a short-lived JWT that will need to be refreshed periodically.
How to log in using a mutation
Query:
    mutation Login($email: String!, $password: String!) {
      login(email: $email, password: $password) {
        jwt
      }
    }

    variables = { email: 'YOUR-EMAIL-HERE', password: 'YOUR-PASSWORD-HERE' }

Result:
    {
      "data": {
        "login": {
          "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
        }
      }
    }
How to create an authorization header
Creating an authorization header
    // `response` is the parsed JSON body returned by the login mutation
    const jwt = response.data.login.jwt;
    const authorization = { Authorization: 'Bearer ' + jwt };
Note: Most queries and mutations require an authorization header.
Info: For more information, refer to the login page.
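Because the login mutation returns a short-lived JWT, a client has to notice when its token is about to expire. The following is an added example, not code from this API's documentation: it reads the token's `exp` claim to decide when to log in again and attaches the Bearer header to each request. It assumes that refreshing means re-running the login mutation and that the token carries a standard `exp` claim; `post`, `createSession`, `jwtExpiry` and `needsRefresh` are hypothetical names.

```javascript
// Added example. The transport `post(body, headers)` is a hypothetical function
// that sends an HTTPS POST to the GraphQL endpoint and returns the parsed JSON.
const LOGIN_MUTATION = `mutation Login($email: String!, $password: String!) {
  login(email: $email, password: $password) { jwt }
}`;

// Read the `exp` claim (seconds since epoch) from the JWT payload WITHOUT
// verifying the signature. Used only to schedule re-login on the client;
// the server stays the authority on whether a token is valid.
function jwtExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet JWTs use.
    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null;
  }
}

// True when there is no usable token, it has no `exp`, or it expires within
// skewSeconds. Tokens without `exp` are never reused (assumed policy).
function needsRefresh(jwt, nowSeconds, skewSeconds = 60) {
  const exp = jwtExpiry(jwt);
  return exp === null || exp - nowSeconds <= skewSeconds;
}

function createSession(post, credentials, now = () => Math.floor(Date.now() / 1000)) {
  let jwt = null; // kept in memory only; never logged or written to disk
  async function login() {
    const res = await post({ query: LOGIN_MUTATION, variables: credentials }, {});
    const token = res && res.data && res.data.login && res.data.login.jwt;
    if (!token) throw new Error('login failed'); // do not echo credentials or server detail
    jwt = token;
  }
  return {
    async request(query, variables = {}) {
      if (needsRefresh(jwt, now())) await login();
      return post({ query, variables }, { Authorization: 'Bearer ' + jwt });
    },
  };
}
```

The sample token shown in the result above has no `exp` claim, so `needsRefresh` reports it as needing a fresh login rather than treating it as valid indefinitely.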