Authentication


    Introduction

    To interact with the shop's GraphQL API, you must provide appropriate authentication credentials with each HTTP request. The following sections describe how to obtain and supply these credentials.

     

    Managing OAuth clients

    In order to generate authentication tokens, you must first create an OAuth client. This is done in the shop administration under Control panel > API:

    Click the button "Create OAuth client".

    Please note: Access tokens are valid for 24 hours.

     

    Type the desired title and click Save:

     

    The new client will now be visible in the API overview:

    1. Show API log
    2. Edit client
    3. Close client

     

    Click the pencil icon to edit the client:

    Apart from changing the title on your client, you can also close the client permanently or generate a new client secret. Use the Client Id and Client secret (as demonstrated in the section below) to generate authentication tokens.

     

    Generating authentication tokens

    In order to generate an authentication token, make an HTTP POST request such as the following:

    
       curl --request POST \
            --data 'grant_type=client_credentials&client_id=[client-id]&client_secret=[client-secret]&scope=' \
            https://[tenant].mywebshop.io/auth/oauth/token
        

     

    Making authenticated requests

    After the client has obtained an API access token, it can make authenticated requests to the GraphQL API. Each request must carry the header Authorization: Bearer {access_token}, where {access_token} is replaced with the generated authentication token.

    Please note: Access tokens are valid for 24 hours.

    An example request using the authentication token:

    
       curl -H 'Accept: application/json' \
            -H 'Content-Type: application/json' \
            -H "Authorization: Bearer [token]" \
            --data-binary '{"query":"query{orders{data{id}}}","variables":{},"operationName":null}' \
            https://[tenant].mywebshop.io/api/graphql
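
    The two curl calls above combined into one client, as an added example (not the shop platform's own code): it form-encodes the credentials, reuses the token until shortly before the 24-hour lifetime ends, and keeps the secret out of the command line and out of repr(). The JSON fields access_token and expires_in, the SHOP_* environment variable names and the 5-minute refresh margin are assumptions not stated on this page.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_LIFETIME = 24 * 60 * 60  # from the page: access tokens are valid for 24 hours
REFRESH_MARGIN = 300           # assumption: renew 5 minutes before expiry

def http_post(url, body, headers):
    """Default transport: POST bytes over HTTPS and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class ShopClient:
    def __init__(self, tenant, client_id, client_secret, post=http_post, clock=time.time):
        self.base = f"https://{tenant}.mywebshop.io"
        self._id, self._secret = client_id, client_secret
        self._post, self._clock = post, clock
        self._token, self._expires = None, 0.0

    def token(self):
        """Return the cached token; request a new one only when missing or near expiry."""
        if self._token is None or self._clock() >= self._expires - REFRESH_MARGIN:
            # urlencode escapes characters such as & and + that would corrupt a
            # hand-built form body if they occur in the client secret.
            form = urllib.parse.urlencode({
                "grant_type": "client_credentials", "client_id": self._id,
                "client_secret": self._secret, "scope": ""}).encode()
            reply = self._post(self.base + "/auth/oauth/token", form,
                               {"Content-Type": "application/x-www-form-urlencoded"})
            self._token = reply["access_token"]  # assumed field name (standard OAuth 2.0)
            self._expires = self._clock() + reply.get("expires_in", TOKEN_LIFETIME)
        return self._token

    def query(self, graphql, variables=None):
        """Send one GraphQL query with the Bearer header described above."""
        body = json.dumps({"query": graphql, "variables": variables or {}}).encode()
        headers = {"Accept": "application/json", "Content-Type": "application/json",
                   "Authorization": "Bearer " + self.token()}
        return self._post(self.base + "/api/graphql", body, headers)

    def __repr__(self):  # never expose the secret or token in logs or tracebacks
        return f"ShopClient(base={self.base!r}, client_id={self._id!r})"

if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # so they do not appear in shell history or the process list.
    shop = ShopClient(os.environ["SHOP_TENANT"], os.environ["SHOP_CLIENT_ID"],
                      os.environ["SHOP_CLIENT_SECRET"])
    print(shop.query("query{orders{data{id}}}"))
```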
        

     

    Making requests with Postman

    Instead of using raw curl to make authenticated requests, you can also use Postman, which provides a graphical user interface and the ability to save requests for future use.

    You can find and download Postman here.

    Once installed, create a new request, set the Authorization type to "Bearer Token", and fill in the Token field with the token generated above:

    Once done, navigate to the Body tab, select "GraphQL", and fill in the QUERY field like so:

    With this you can now perform authenticated requests against your solution.