GraphQL

About GraphQL

• What is GraphQL? https://graphql.org

• ZEMTU’s GraphQL APIs largely stick to the Relay specifications: https://facebook.github.io/relay/graphql/connections.htm

Authentication

For client-server communication we suggest using JWTAuthentication with the user’s username and password combination. For machine-to-machine communication TokenAuthentication is the best fit.

JWT Authentication

GraphQL mutation tokenAuth with user credentials to create a long-living token. The token is valid for 14 days. After that a renewed call to tokenAuth is needed.

Now in order to access protected API you must include the Authorization HTTP header: POST / HTTP/1.1 Host: domake.io Authorization: JWT eyJ0eXAiOiJKV1QiLCJh... Content-Type: application/json;

References

• https://django-graphql-jwt.domake.io/en/stable/index.html

• https://jwt.io

Token Authentication

The token key must be included in the Authorization HTTP header. The key should be prefixed by the string literal Token, with whitespace separating the two strings. For example:

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b

There are several possibilities to obtain the token:

• Read token from admin interface (only for users with org admin role): You can obtain the AuthToken for a user here: https://devcarsharing.zemtu.com/admin/authtoken/token/

• Get direct access to token: E.g. you get the token via secure email from an organization administrator.

References

• http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

Reservation API

https://devcarsharing.zemtu.com/graphql

Management API

https://devcarsharing.zemtu.com/graphql