Authentication
How to retrieve a JWT access token to perform queries and mutations in our GraphQL API
Accessing inabit API
In order to access our API capabilities and authenticate queries and mutations, you must create an API Admin.
Note - You can also decide to create an API Viewer. Doing so you will only allow you to receive API capabilities of a Viewer.
About API User Roles
Feel free to visit our user roles explanation page in the documentation to learn more about the API roles in the inabit platform, as well as the rest of the roles existing in inabit.
How to create an API Admin?
Contact inabit's support at support@inabit.com to retrieve a JWT access token for you with admin permissions.
The token has access to all relevant mutations and queries in our schema.
Import to remember: Access tokens are valid for 15 hours once they're created. if you're using an existing token that might've been expired, you'll be unauthorized to call queries and mutations and will need to retrieve a new token again.
Headers
These are the headers you insert when you authenticate to our GraphQL API root endpoint. You will always have to pass an authorization Bearer (token) for access to our queries mutations and webhooks (subscriptions) service.
Content-Type
application/json
Authorization
Bearer <token>
Retrieving Login Token
Once you've contacted inabit's support and we've created the necessary API users per your request, we'll go ahead and create an API login token for your account.
The token will be shared with you/your team across a secured channel with inabit.
This login token serves as the bearer/authorization token to call for an access token to our GraphQL API schema that you will use to authorize queries and mutations.
Login tokens are valid for 30 days and should be refreshed by your end ahead of time before expiration.
Retrieving Access Token
Once you managed to retrieve a login token, you will use it to query an access token that for security reasons, will be valid for 15 minutes - to use in your queries and mutations of the API.
Access tokens are valid for 15 minutes and should be refreshed by your end ahead of time before expiration.
How To Query an Access Token
Response:
Refreshing Existing Login Token
Before reaching the 30 day expiration time of your API user's login token, you'll need to use the following query to refresh/update the existing token.
You will then use the new login token given in the response in order to generate new access tokens and the previous token will be expired.
Refresh Login Token Query
In the variables/body of this query, you will need to insert the current existing login token as the authorization/bearer for the query.