Our CMS API is built using GraphQL and secured with OAuth 2.0 and OpenID Connect (OIDC). This combination provides a strongly typed, flexible developer experience with modern, industry-standard authentication and authorization.
GraphQL is a query language for APIs that lets clients request exactly the data they need, nothing more and nothing less.
Key Benefits
- Strong typing: A formal schema defines all available types, fields, and relationships, enabling excellent tooling, validation, and autocomplete.
- No over-fetching or under-fetching: Clients control the shape of responses, reducing payload sizes and unnecessary requests.
- Single endpoint: All queries and mutations go through one endpoint, simplifying networking and versioning.
- Evolvable API: New fields can be added without breaking existing clients.
Learn more about GraphQL.
We use OAuth 2.0, an authorization framework that allows applications to access the API on behalf of a user or service without sharing passwords.
- Register an application in the dashboard to obtain a client ID and client secret.
- Authenticate using an OAuth 2.0 flow to obtain an access token.
- Send GraphQL requests to the API endpoint with the access token in the Authorization header.

    Authorization: Bearer <access_token>

Because the API is GraphQL-based and standards-compliant, you can use off-the-shelf tools and libraries such as:
- Apollo Client
- Relay
- GraphiQL / GraphQL Playground
- Any OAuth 2.0 / OIDC-compatible auth library or third-party auth provider
If you are familiar with GraphQL and OAuth-based APIs, you should feel right at home. If not, the links above provide excellent starting points to get productive quickly.
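
The three steps for calling the API (register, obtain a token, send the bearer token), as an added example that is not part of the original documentation or the API's own code. The URLs, credentials and function names are placeholders, and the client-credentials grant with HTTP Basic client authentication is an assumption; use the endpoints and flow given for your registered application.

```javascript
// Added example. ASSUMPTIONS: placeholder URLs and credentials, and a server
// that accepts the client-credentials grant with HTTP Basic client auth.
const cfg = {
  tokenUrl: "https://auth.example.invalid/oauth/token", // placeholder
  apiUrl: "https://cms.example.invalid/graphql",        // placeholder
  clientId: "example-client-id",                        // constructed sample
  clientSecret: "example-client-secret",                // constructed sample
};
function requireHttps(url) {
  // Client secrets and bearer tokens must never travel over plain HTTP.
  if (new URL(url).protocol !== "https:") throw new Error("refusing non-HTTPS URL: " + url);
  return url;
}

// Step 2: token request (RFC 6749 section 4.4, client credentials).
function buildTokenRequest(c) {
  const pair = `${encodeURIComponent(c.clientId)}:${encodeURIComponent(c.clientSecret)}`;
  return {
    url: requireHttps(c.tokenUrl), method: "POST",
    headers: {
      Authorization: `Basic ${Buffer.from(pair).toString("base64")}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({ grant_type: "client_credentials" }).toString(),
  };
}

// Step 3: GraphQL request carrying the access token as a bearer credential.
function buildGraphQLRequest(c, accessToken, query, variables = {}) {
  // RFC 6750 b64token syntax; also rejects CR/LF that could inject headers.
  if (typeof accessToken !== "string" || !/^[A-Za-z0-9\-._~+\/]+=*$/.test(accessToken)) {
    throw new Error("access token is missing or not a valid bearer token");
  }
  return {
    url: requireHttps(c.apiUrl), method: "POST",
    headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
    // Values go in `variables`, never concatenated into the query text.
    body: JSON.stringify({ query, variables }),
  };
}

// Network path (needs real endpoints): fetch a token, then run the query.
async function runQuery(c, query, variables) {
  const t = buildTokenRequest(c);
  const tokenRes = await fetch(t.url, t);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token } = await tokenRes.json();
  const g = buildGraphQLRequest(c, access_token, query, variables);
  const res = await fetch(g.url, g);
  const payload = await res.json();
  if (!res.ok || payload.errors) throw new Error(`GraphQL request failed: ${res.status}`);
  return payload.data;
}
```

Keep the client secret on the server side only (for example in an environment variable), and do not write the token or the Authorization header to logs.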