# API

Our CMS API is built using **GraphQL** and secured with **OAuth 2.0** and **OpenID Connect (OIDC)**. This combination provides a strongly typed, flexible developer experience with modern, industry-standard authentication and authorization.


## GraphQL

GraphQL is a query language for APIs that lets clients request exactly the data they need, nothing more and nothing less.

**Key Benefits**

* **Strong typing**: A formal schema defines all available types, fields, and relationships, enabling excellent tooling, validation, and autocomplete.

* **No over-fetching or under-fetching**: Clients control the shape of responses, reducing payload sizes and unnecessary requests.

* **Single endpoint**: All queries and mutations go through one endpoint, simplifying networking and versioning.

* **Evolvable API**: New fields can be added without breaking existing clients.

[Learn more](https://graphql.org/learn/) about GraphQL.


## Authentication

We use **OAuth 2.0**, an authorization framework that allows applications to access the API on behalf of a user or service without sharing passwords.


### Getting Started

1. **Register an application** in the dashboard to obtain a client ID and client secret.

2. **Authenticate** using an OAuth 2.0 flow to obtain an access token.

3. **Send GraphQL requests** to the API endpoint with the access token in the `Authorization` header.

```
Authorization: Bearer <access_token>
```
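
The three steps above as a minimal client, added here as an example and not the CMS's own code. It assumes the client credentials grant with the credentials sent in the form body, and both endpoint URLs are placeholders; the names `CmsClient` and `http_post` are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumptions (not from the page): placeholder endpoint URLs and the client
# credentials grant. Use the URLs and flow your registered application is given.
TOKEN_URL = "https://auth.example.invalid/oauth/token"
GRAPHQL_URL = "https://api.example.invalid/graphql"


def http_post(url, body, headers):
    """Default transport: POST bytes, return (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, json.load(resp)


class CmsClient:
    def __init__(self, client_id, client_secret, post=http_post):
        self._id, self._secret, self._post = client_id, client_secret, post
        self._token, self._expires_at = None, 0.0

    def _access_token(self):
        # Reuse the token until 30 s before expiry instead of re-authenticating per call.
        if self._token and time.time() < self._expires_at - 30:
            return self._token
        form = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": self._id,
            "client_secret": self._secret,  # sent only to the token endpoint
        }).encode()
        status, data = self._post(
            TOKEN_URL, form, {"Content-Type": "application/x-www-form-urlencoded"})
        if status != 200 or "access_token" not in data:
            raise RuntimeError(f"token request failed: {data.get('error', status)}")
        self._token = data["access_token"]
        self._expires_at = time.time() + int(data.get("expires_in", 0))
        return self._token

    def query(self, document, variables=None):
        body = json.dumps({"query": document, "variables": variables or {}}).encode()
        headers = {"Content-Type": "application/json",
                   "Authorization": f"Bearer {self._access_token()}"}
        status, data = self._post(GRAPHQL_URL, body, headers)
        # GraphQL reports field-level failures in "errors", often with HTTP 200.
        if status != 200 or data.get("errors"):
            raise RuntimeError(f"GraphQL request failed: {data.get('errors', status)}")
        return data["data"]
```

Load the client secret from the environment or a secret store rather than source code, and keep the access token out of logs.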


## Tooling & Ecosystem

Because the API is GraphQL-based and standards-compliant, you can use off-the-shelf tools and libraries such as:

* Apollo Client

* Relay

* GraphiQL / GraphQL Playground

* Any OAuth 2.0 / OIDC-compatible auth library or third-party auth provider

If you are familiar with GraphQL and OAuth-based APIs, you should feel right at home. If not, the links above provide excellent starting points to get productive quickly.

