To get a user session token, perform a login request. A successful response returns the token. You'll need to renew the user session tokens periodically because they expire when the user's session ends.
If you make a login request with code, you can use the returned user session token for subsequent requests as the bearer token in the authorization header of the request.
If you make the login request through a browser, the browser stores the token in a cookie. From that point, any request can be authenticated and authorized with the token in the cookies without resubmitting.
Mutation in GraphQL
To generate a user session token, use the following mutation:
mutation userLogin($username: String! $password: String!) {
userLogin(
input: {
userName: $username,
password: $password
}
) {
organization{
id
name
}
token
}
}
where:
$username is a variable that contains the username.$password is a variable that contains the password.
Here's an example of how to declare the query variables:
{
"username": "your_username",
"password": "your_password"
}
