With Graphcool, you can specify permission rules per API operation. By default, no API operation is allowed, so you have to explicitly create permissions for all of them. Permissions are specified inside the service definition file under the
A single permission that's attached to an operation can express one of three things:
This depends on the authentication mechanism you're using! If you're using one of Graphcool's predefined authentication modules, you can use the loggedInUser query, which returns information about the currently logged-in user if there is one.
Graphcool offers a very flexible authentication system. Essentially, you can develop any authentication mechanism you like using Resolver functions.
If you don't have custom requirements for your authentication, you can conveniently use an authentication mechanism that's already implemented as a Graphcool module.
There are generally two different kinds of tokens that you can use to authenticate requests: