
GraphQL Authorization

Getting authorized and obtaining a Session Token

The first real-world usage of the API is creating a new Session Token in order to authenticate subsequent requests and let our services know what data is available to your account.

The playground below has three tabs showcasing the following three steps:

  1. Retrieve a UserInfo object from the AuthQueries.whoami operation without a Session Token.

    Executing this request will return an error, since the whoami operation expects the executing client to already be authorized.

  2. Log in by sending credentials to the AuthMutations.login operation.

    Note that all data exchanged with DealEngine's GraphQL API travels ONLY over the HTTPS protocol, so your credentials will never be sent in plain text over the network.

    The result of this operation is a new Session token you can use in subsequent requests, like in step 3.

  3. Retrieve the UserInfo again, but this time providing a Session Token.

    Once logged in, all other interactions with the API expect you to send a Session Token via the Authorization HTTP header, like this:

Open the HTTP Headers and Query Variables panes and try these three Getting authorized steps.
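
The three steps above, as an added example that is not DealEngine's code: a small Python client helper that refuses non-HTTPS endpoints, treats a GraphQL `errors` list as a failure, and attaches the Authorization header. The endpoint, operation documents, argument names, token and header value format are constructed assumptions, and `fake_send` stands in for the real server so the flow runs offline.

```python
import json
from urllib.parse import urlsplit

class GraphQLError(Exception):
    """The response body carried a GraphQL `errors` list."""

def call(send, endpoint, document, variables=None, authorization=None):
    """POST one GraphQL operation through `send` and return its `data`.

    `authorization` is the complete Authorization header value, in whatever
    format the API documents; this helper does not assume a scheme.
    """
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("refusing to send credentials or tokens over non-HTTPS")
    headers = {"Content-Type": "application/json"}
    if authorization:
        headers["Authorization"] = authorization
    body = json.dumps({"query": document, "variables": variables or {}})
    reply = json.loads(send(endpoint, headers, body))
    # GraphQL reports failures in the body, so check `errors` before using `data`.
    if reply.get("errors"):
        raise GraphQLError(reply["errors"][0].get("message", "unspecified"))
    return reply["data"]

# --- Constructed stand-ins below: not DealEngine's schema, endpoint or token ---
ENDPOINT = "https://api.example.invalid/graphql"
WHOAMI = "query { whoami { __typename } }"  # field nesting is an assumption
LOGIN = "mutation($u: String!, $p: String!) { login(user: $u, password: $p) }"
TOKEN = "constructed-session-token"

def fake_send(endpoint, headers, body):
    """Offline stand-in for the HTTPS transport and the server behind it."""
    op = json.loads(body)
    if "login" in op["query"]:
        return json.dumps({"data": {"login": TOKEN}})
    # Demo only: this fake accepts the bare token as the header value.
    if headers.get("Authorization") != TOKEN:
        return json.dumps({"data": None, "errors": [{"message": "not authorized"}]})
    return json.dumps({"data": {"whoami": {"__typename": "UserInfo"}}})

def three_steps(send=fake_send):
    """Run the three steps; return (step-1 error, token, step-3 data)."""
    try:
        call(send, ENDPOINT, WHOAMI)
        first = None
    except GraphQLError as exc:
        first = str(exc)
    token = call(send, ENDPOINT, LOGIN, {"u": "alice", "p": "constructed"})["login"]
    return first, token, call(send, ENDPOINT, WHOAMI, authorization=token)
```

Swapping `fake_send` for a real HTTPS transport keeps the same checks in front of every request, so a misconfigured `http://` endpoint fails before any credential leaves the process.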