GraphQL API Documentation

← Back to API Index

GraphQL Endpoint

POST /query

All GraphQL operations are sent as HTTP POST requests to /query with a JSON body containing query, optional variables, and optional operationName.

Schema

input LoginInput { email: String password: String } type LoginResponse { status: Int accessToken: String expiry: String tokenType: String lastRefresh: String tokenTTL: Int } type User { id: ID! email: String! name: String picture: String emailVerified: Boolean! } type Query { me: User! } type Mutation { Login(input: LoginInput!): LoginResponse! }

Mutations

MUTATION Login

Authenticates a user and returns a JWT access token.

Input: LoginInput

FieldTypeRequiredDescription
email String Optional The user's email address
password String Optional The user's password (plain text, hashed server-side)

Response: LoginResponse

FieldTypeDescription
status Int HTTP-style status code (e.g. 200)
accessToken String JWT bearer token
expiry String Token expiry timestamp (ISO 8601)
tokenType String Token type, typically Bearer
lastRefresh String Last refresh timestamp (ISO 8601)
tokenTTL Int Token time-to-live in seconds

Example Request

mutation { Login(input: { email: "user@example.com" password: "secret" }) { status accessToken expiry tokenType tokenTTL } }

Example Response

{ "data": { "Login": { "status": 200, "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...", "expiry": "2026-03-29T12:00:00Z", "tokenType": "Bearer", "tokenTTL": 432000 } } }

Queries

QUERY me

Returns the currently authenticated user's profile. Requires a valid JWT bearer token.

Response: User

FieldTypeRequiredDescription
id ID Required Unique user identifier
email String Required User's email address
name String Optional User's display name
picture String Optional URL of user's profile picture
emailVerified Boolean Required Whether the email has been verified

Example Request

query { me { id email name emailVerified } }

Example Response

{ "data": { "me": { "id": "550e8400-e29b-41d4-a716-446655440000", "email": "user@example.com", "name": "Jane Doe", "emailVerified": true } } }

Authorization: include the JWT token as an HTTP header: Authorization: Bearer <accessToken>