Authentication
How to retrieve and use a bearer token.
To connect to GraphQL, you will need an API username and password.
These are currently issued by our support staff, so please contact [email protected] and let us know your Toggle account name. You'll need to contact us from a verified email address on your Toggle account.
GraphQL uses JWT tokens to authenticate API requests. So before making any request to a protected resource, you'll need to make sure you have generated a valid token, as you'll need to include this in your authorization header on each request.
To generate your token, use your API username/password to make a request to the loginUser query, which will return an Authorization header containing your token:

```graphql
query($email: String, $username: String, $password: String!) {
  loginUser(email: $email, username: $username, password: $password) {
    id
  }
}
```
Note that you can log in with either an email or a username via loginUser. Your Authorization token is returned on the loginUser response.
Token
Whenever the user wants to access a protected route or resource, the user agent should send their token in the Authorization header using the Bearer schema. The content of the header should look like the following:
```
Authorization: Bearer <token>
```
As a token is time limited, it will require a refresh after 60 minutes.
When you make a new request and the Authorization header is returned, you should start using the new token for the next request.
You will need to programmatically update your token and store it securely in your system each time you retrieve a new one, using it until it is refreshed again.
If you are not authorised and you attempt to make a request to a protected query or mutation, the API will return JSON with errors.
```json
{
  "errors": [
    {
      "message": "Unauthorized",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "customer_facing": false
    }
  ]
}
```
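The following client ties the steps above together: it logs in through the loginUser query, reads the token from the Authorization response header, sends it as a Bearer header on later requests, swaps to the new token whenever a response carries one, re-logs in once the 60-minute lifetime has passed, and raises on the Unauthorized error payload shown above. This is an added example, not Toggle's own client code. The endpoint URL, the credentials, the ping query and the FakeToggleServer used to run it offline are all constructed assumptions; only the loginUser query, the Bearer header format, the 60-minute lifetime and the error JSON shape come from the page.

```python
import json
import time
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Assumed endpoint: the page does not state the GraphQL URL.
GRAPHQL_URL = "https://example.invalid/graphql"

# The loginUser query from the page.
LOGIN_QUERY = (
    "query($email:String,$username:String,$password:String!){"
    "loginUser(email:$email,username:$username,password:$password){id}}"
)

TOKEN_TTL_SECONDS = 60 * 60  # the page states a token needs a refresh after 60 minutes

# A transport takes (url, request headers, body) and returns (response headers, response body),
# so the same client can talk to the real API via urllib or to an in-memory fake.
Transport = Callable[[str, Dict[str, str], bytes], Tuple[Dict[str, str], bytes]]

UNAUTHORIZED_BODY = {  # error document copied from the page
    "errors": [{"message": "Unauthorized",
                "locations": [{"line": 2, "column": 3}], "customer_facing": False}]
}


class UnauthorizedError(Exception):
    """Raised when the API answers with the Unauthorized error document."""


def urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> Tuple[Dict[str, str], bytes]:
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:  # pragma: no cover (network)
        return dict(resp.headers.items()), resp.read()


class ToggleClient:
    def __init__(self, username: str, password: str, transport: Transport = urllib_transport,
                 url: str = GRAPHQL_URL, clock: Callable[[], float] = time.monotonic):
        self._username, self._password = username, password
        self._transport, self._url, self._clock = transport, url, clock
        self._token: Optional[str] = None      # kept in memory only; persist via your secret store
        self._issued_at: Optional[float] = None

    def current_token(self) -> Optional[str]:
        return self._token

    def token_expired(self) -> bool:
        return self._token is None or self._clock() - self._issued_at >= TOKEN_TTL_SECONDS

    def _store_token(self, header_value: str) -> None:
        # Accept either a bare token or "Bearer <token>" in the response header.
        token = header_value.split(" ", 1)[1] if header_value.lower().startswith("bearer ") else header_value
        self._token, self._issued_at = token, self._clock()

    def _post(self, query: str, variables: Dict[str, str], with_auth: bool) -> dict:
        headers = {"Content-Type": "application/json"}
        if with_auth:
            headers["Authorization"] = f"Bearer {self._token}"
        body = json.dumps({"query": query, "variables": variables}).encode()
        resp_headers, resp_body = self._transport(self._url, headers, body)
        # If the response carries an Authorization header, rotate to that token for the next call.
        new_auth = next((v for k, v in resp_headers.items() if k.lower() == "authorization"), None)
        if new_auth:
            self._store_token(new_auth)
        data = json.loads(resp_body)
        if any(e.get("message") == "Unauthorized" for e in data.get("errors", [])):
            raise UnauthorizedError(json.dumps(data))
        return data

    def login(self) -> str:
        self._post(LOGIN_QUERY, {"username": self._username, "password": self._password}, with_auth=False)
        if self._token is None:
            raise RuntimeError("loginUser response did not include an Authorization header")
        return self._token

    def query(self, query: str, variables: Optional[Dict[str, str]] = None) -> dict:
        if self.token_expired():
            self.login()
        return self._post(query, variables or {}, with_auth=True)


class FakeToggleServer:
    """Constructed stand-in for the API so the example runs offline (not the real service)."""

    def __init__(self) -> None:
        self.issued, self.valid = 0, set()

    def _issue(self) -> str:
        self.issued += 1
        tok = f"tok-{self.issued}"  # constructed opaque token, not a real JWT
        self.valid.add(tok)
        return tok

    def __call__(self, url: str, headers: Dict[str, str], body: bytes) -> Tuple[Dict[str, str], bytes]:
        req = json.loads(body)
        if "loginUser" in req["query"]:
            if req.get("variables", {}).get("password") != "correct-horse":  # constructed credential
                return {}, json.dumps(UNAUTHORIZED_BODY).encode()
            tok = self._issue()
            return {"Authorization": f"Bearer {tok}"}, json.dumps({"data": {"loginUser": {"id": "user-1"}}}).encode()
        auth = headers.get("Authorization", "")
        if auth[len("Bearer "):] not in self.valid:
            return {}, json.dumps(UNAUTHORIZED_BODY).encode()
        # Protected query: answer and hand back a fresh token in the Authorization header.
        return {"Authorization": f"Bearer {self._issue()}"}, json.dumps({"data": {"ping": "ok"}}).encode()


if __name__ == "__main__":
    client = ToggleClient("alice", "correct-horse", transport=FakeToggleServer())
    client.login()
    print(client.query("query { ping }"), client.current_token())
```

Replace FakeToggleServer with the default urllib transport and the real endpoint to use it against the API; the client logic does not change.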
For more information, it is worth reading the introduction from JWT, which summarises how JSON Web Tokens work.