# Authentication

### The Root Endpoint

REST APIs has numerous endpoints; the GraphQL API has a **single** endpoint:

```
https://api.inabit.com/graphql
```

The endpoint remains constant no matter what operation you perform.

Because GraphQL operations consist of multiline JSON, we recommend using the [Apollo Explorer](https://studio.apollographql.com/sandbox/explorer) to make GraphQL calls.

You can also use `curl` or any other HTTP-speaking library.

In REST, HTTP verbs determine the operation performed.\
In GraphQL, you'll provide a **JSON-encoded body** whether you're performing a query or a mutation, so the HTTP verb is `POST`. The exception is an introspection query, which is a simple `GET` to the endpoint.

To query GraphQL in a `curl` command, make a `POST` request with a JSON payload. The payload must contain a string called `query`:

```
curl -H "Authorization: bearer TOKEN" -X POST -d " \
 { \
   \"query\": \"query { viewer { login }}\" \
 } \
" https://api.github.com/graphql
```

{% hint style="info" %}
**Note**: The string value of `"query"` must escape newline characters or the schema will not parse it correctly. For the `POST` body, use outer double quotes and escaped inner double quotes.
{% endhint %}