GraphQL authentication

Guide

Authentication is required for executing graphQL queries from your code or GraphQL IDEs of your choice. Fibery API uses simple token-based authentication. That means you need to pass your API token with every request. This token could be the same for all requests, there is no need to generate a new one each time. Your API token carries the same privileges as your user, so be sure to keep it secret.

Make sure to replace your account name, space name and token with the actual values

Curl:

# To authenticate set the Authorization header in this way:

curl -X POST "https://YOUR_ACCOUNT.fibery.io/api/graphql/space/YOUR_SPACE" \
     -H "Authorization: Token YOUR_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"query": "{me{email}}"}'

JavaScript:

fetch(YOUR_SPACE_ENDPOINT, {
  method: 'POST',
  body: JSON.stringify({query: "{me{email}}"}),
  headers: {
    'Content-Type': `application/json`,
    'Authorization': `Token ${YOUR_TOKEN}`,
  }
});

Generate a new token

Fibery Admin can create a new token via UI. Navigate to Settings → API Keys and click Generate API key button.

Screenshot 2024-01-12 at 10.46.44 AM.png

You can also manage access tokens via the following endpoints:

GET /api/tokens — lists all access tokens that were given to current user
POST /api/tokens — creates new token for current user
DELETE /api/tokens/:token_id — deletes token by id

When accessing those endpoints you need to be authenticated 🤷. At the moment, the only option is via a cookie. So the easiest way to acquire a token is to log in into your Fibery workspace and execute the following code in the browser console:

fetch(`https://${window.location.host}/api/tokens`, { method: 'POST' })
  .then(res => res.json())
  .then(obj => console.log("Your API token:", obj.value));

The browser will set the cookie automatically.

Manage existing tokens

To retrieve your API keys, send a GET request:

fetch(`https://${window.location.host}/api/tokens`, { method: 'GET' })
  .then(res => res.json())
  .then(apiKeys => console.log(apiKeys));

To delete an API key, send a DELETE request:

fetch(`https://${window.location.host}/api/tokens/token_id`, 
  { method: 'DELETE' });