Please help us get better by sending us your feedback and questions! If you struggle with some details in the implementation or something is unclear, just drop us a line at firstname.lastname@example.org.
This documentation is in active development mode and will change frequently.
Authentication at the API level uses OAuth 2.0, so you can use the API on behalf of a user or as an app itself.
If you need any information about OAuth 2.0, we will extend this documentation. For now, please consult the official resources at oauth.net.
The following information will be provided by us:
$client_secret must be stored and transferred only via encrypted transport mechanisms.
In addition to the endpoint mentioned above, we also provide the following OAuth 2.0 related endpoints:
$base_url/oauth/authorize - Managing authorization codes, following RFC 6749 (Examples: POST, DELETE)
$base_url/oauth/token - Managing access tokens, following RFC 6749 (Examples: POST, DELETE)
$base_url/oauth/revoke - Revoking a token, following RFC 7009 (Example)
$base_url/oauth/introspect - OAuth 2.0 Token Introspection, following RFC 7662 (Example)
$base_url/oauth/token/info - Shows details about the token used for authentication (Example)
me - the endpoint requires a user access token
app - the endpoint requires an app access token
basic - the endpoint requires an app access token with the
Please choose your required grant flow wisely and take special care of the user credentials.
To use the app scope on GraphQL, you need to create an OAuth token with the client credentials grant flow.
Please be aware that you need to send
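As an added example (not code from this documentation or its API), one way to build the client credentials request for an app token while keeping $client_secret on encrypted transport only. The host `api.example.org`, the credentials, the `scope=app` request parameter and the use of HTTP Basic client authentication (RFC 6749 section 2.3.1) are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret, scope="app"):
    """Build (not send) a client credentials token request per RFC 6749 section 4.4."""
    parts = urllib.parse.urlsplit(base_url)
    # The client secret may only travel over encrypted transport.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("refusing to send client_secret to a non-HTTPS URL")
    # RFC 6749 section 2.3.1: form-encode id and secret, then use HTTP Basic,
    # which keeps the secret out of the URL and out of access logs.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    # Assumption: the scope is requested with the standard "scope" parameter.
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth/token",
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def fetch_app_token(base_url, client_id, client_secret):
    """Send the request and return the access token from the JSON response."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Constructed placeholder values; substitute the ones issued to you.
    req = build_token_request("https://api.example.org", "my-client", "s3cr:et")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```
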
Each type of API offers Swagger-based documentation, which you can use during development. A link to the specific documentation can be found at the top of each API documentation.