To make requests to the API, you need to authorize the user.
At the moment, we use two authorization mechanisms: cookie-based authentication and bearer-token-based authentication.

There are several ways to authenticate. Each one has its own mutation.
After the mutation executes successfully, we will set a session cookie for you.
From the same mutation you can also get an authorization token and use it in further requests by setting the Authorization header to Bearer <token>.

authenticateUserWithPhoneAndPassword
Use the authenticateUserWithPhoneAndPassword mutation to authenticate the user.

GQL-query example

```graphql
mutation {
  authenticateUserWithPhoneAndPassword(data: { phone: "+79990000000" password: "********" }) {
    token
    item {
      id
      name
    }
  }
}
```

authenticateUserWithPassword
Authentication with email and password may be used for service users. It works the same way as authenticateUserWithPhoneAndPassword.

GQL-query example

```graphql
mutation {
  authenticateUserWithPassword(email: "e@ma.il" password: "***") {
    token
    item {
      id
      name
    }
  }
}
```

authenticatedUser
The authenticatedUser query helps you check your credentials and get information about the current user.

GQL-query example

```graphql
query {
  authenticatedUser {
    id
    name
    avatar {
      publicUrl
      __typename
    }
    phone
    email
    isAdmin
    __typename
  }
}
```

Then, depending on whether the user is authorized or not, you can get one of the following responses:
User is not authorized

```json
{
  "data": {
    "authenticatedUser": null
  }
}
```
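
The full flow described on this page (run the mutation, take the token, send it as a Bearer header, confirm with authenticatedUser), as an added example that is not part of the original documentation. The endpoint URL is a placeholder, the POST body shape `{"query": ...}` is the usual GraphQL-over-HTTP convention and is assumed here, and the helper names (`gql_string`, `http_post`, `login`, `current_user`) are hypothetical.

```python
import json
import urllib.request

API_URL = "https://api.example.invalid/graphql"  # placeholder endpoint (assumption)

LOGIN = """mutation {
  authenticateUserWithPhoneAndPassword(data: { phone: %s password: %s }) {
    token
    item { id name }
  }
}"""
WHOAMI = "query { authenticatedUser { id name } }"


def gql_string(value):
    # json.dumps yields a quoted, escaped literal that GraphQL string syntax
    # also accepts, so quotes or backslashes in a password stay inside the
    # literal instead of altering the query.
    return json.dumps(value)


def http_post(body, headers):
    # Default transport (assumed request shape); tests inject a fake instead.
    req = urllib.request.Request(
        API_URL, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def login(phone, password, post=http_post):
    """Run the mutation and return the bearer token, or raise on failure."""
    query = LOGIN % (gql_string(phone), gql_string(password))
    result = post({"query": query}, {})
    payload = (result.get("data") or {}).get("authenticateUserWithPhoneAndPassword")
    if result.get("errors") or not payload or not payload.get("token"):
        raise PermissionError("authentication failed")
    return payload["token"]


def current_user(token, post=http_post):
    """Return the authenticatedUser object, or None if the user is not authorized."""
    result = post({"query": WHOAMI}, {"Authorization": "Bearer " + token})
    return (result.get("data") or {}).get("authenticatedUser")
```

Keep the returned token out of logs and URLs, and send it only over HTTPS, since anyone holding it can act as the user.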