Authorize the GraphQL API

To support permission control of the GraphQL API, you should first authorize your GraphQL API so that the API can identify the current user.

Token on request header

Authorization header is usually used as the API request header whenever a user wants to access a protected route or resource.

The content format of the header is as follows: Authorization: Bearer <token>, and token is the X-Auth-Token value on browser cookie after user logs in.

UserSession params in code

You can also request data on Steedos by GraphQL API passing the userSession params like the code bellow:

var { graphql } = require('graphql');
var getSteedosSchema = require("@steedos/objectql").getSteedosSchema;
var schema = getSteedosSchema().getDataSource().getGraphQLSchema();
let query = `
query{
leads(filters:[["status", "=", "Qualified"]]){
name,
title,
status,
converted_account {
name,
rating
},
converted_contact {
name,
account{
name
}
},
converted
}
}
`;
graphql(schema, query, null, { user: userSession }).then((response) => {
console.log(response);
});

It will get predictable results that base on the current user's permissions.

Have questions about Steedos??
Contact Steedos and our technical expert will answer your questions.

Our technical experts have more than 10 years of experience in management software development, and they are always ready to help you with any questions you may have about the functionality, pricing, implementation or any other aspect of Steedos.

Steedos

Steedos is a new generation of low code platform, based on business intelligence and model driven, it can easily and easily create intelligent, mobile and personalized applications according to the needs of business departments.

Copyright © 2020 Steedos, Inc.