API Documentation

Complete guide to using our GraphQL Authentication API

Introduction

Our API provides a comprehensive authentication system built on Apollo GraphQL and Express. It offers secure user management capabilities with JWT-based authentication and secure token refresh mechanisms.

The GraphQL Auth API is designed to be a complete solution for user authentication in modern web and mobile applications. It handles user registration, authentication, token management, and user data operations through a clean GraphQL interface.

Note: This documentation assumes you have basic familiarity with GraphQL concepts and operations. If you're new to GraphQL, we recommend reviewing the official GraphQL documentation before proceeding.

Authentication

To use this API, you'll need to follow these steps to authenticate your requests:

  1. Obtain Client Credentials

    Contact our team to receive a client ID and public key. These credentials are essential for accessing our API and ensuring secure communications.

  2. Include Headers in Requests

    All requests to the API must include the following header:

    Required Headers Copied! 
    client_id: YOUR_CLIENT_ID

  3. Decrypt Data

    Use your provided public key to decrypt sensitive data and tokens returned by the API. This ensures that your authentication tokens remain secure during transmission.

    Once you've obtained a JWT token from the signIn or signUp mutations, you should include it in subsequent requests that require authentication:

    Authorization Header Copied! 
    Authorization: Bearer YOUR_JWT_TOKEN

Token Lifecycle

Our authentication system uses JWT (JSON Web Tokens) with the following characteristics:

  • Access tokens have a limited lifespan (typically 1 hour)
  • Refresh tokens can be used to obtain new access tokens
  • Tokens contain encoded user information for stateless authentication

GraphQL Endpoint

All GraphQL operations are performed through a single endpoint:

API Endpoint Copied! 
POST https://central-auth-service.vercel.app/api

The API uses Apollo Server middleware to process GraphQL requests. All queries and mutations should be sent to this endpoint using the POST method with a JSON payload.

Important: All GraphQL operations must use POST requests. GET requests to the endpoint will return information about the API but will not process GraphQL operations.

Request Format

GraphQL requests should be formatted as follows:

Request Format Copied! 
{
  "query": "query { ... }" // or "mutation { ... }"
  "variables": { } // optional variables object
}

Queries

The API provides the following query operations:

verifyToken

Verifies the validity of a JWT token and returns the associated user information.

Query Example Copied! 
query {
  verifyToken(token: "your-jwt-token") {
    id
    email
  }
}

Parameters

Parameter Type Description
token String! JWT token to verify

generateRefreshToken

Generates a new refresh token from an existing token.

Query Example Copied! 
query {
  generateRefreshToken(token: "your-jwt-token")
}

Parameters

Parameter Type Description
token String! Existing JWT token

generateToken

Generates a new JWT token.

Query Example Copied! 
query {
  generateToken
}

sayHello

A simple test endpoint to verify API connectivity.

Query Example Copied! 
query {
  sayHello {
    message
    status
  }
}

Mutations

The API provides the following mutation operations:

signUp

Registers a new user and returns authentication tokens.

Mutation Example Copied! 
mutation {
  signUp(
    email: "user@example.com", 
    password: "secure-password"
  ) {
    access_token
    refresh_token
    message
    status
    error
  }
}

Parameters

Parameter Type Description
email String! User's email address
password String! User's password (min 8 characters)

signIn

Authenticates an existing user and returns authentication tokens.

Mutation Example Copied! 
mutation {
  signIn(
    email: "user@example.com", 
    password: "secure-password"
  ) {
    access_token
    refresh_token
    message
    status
    error
  }
}

Parameters

Parameter Type Description
email String! User's email address
password String! User's password

updateUser

Updates user information for an authenticated user.

Mutation Example Copied! 
mutation {
  updateUser(
    user_id: "user-id",
    token: "jwt-token",
    updated_data: {
      email: "new-email@example.com",
      password: "new-password"
    }
  ) {
    message
    status
    error
  }
}

Parameters

Parameter Type Description
user_id String! ID of the user to update
token String! JWT token for authentication
updated_data Object! Object containing fields to update

deleteUser

Removes a user account.

Mutation Example Copied! 
mutation {
  deleteUser(
    user_id: "user-id",
    token: "jwt-token"
  )
}

Parameters

Parameter Type Description
user_id String! ID of the user to delete
token String! JWT token for authentication

Error Handling

The API returns standardized error responses with appropriate HTTP status codes and descriptive messages to help troubleshoot issues.

Common Error Types

Authentication errors typically include:

  • Missing or invalid client ID
  • Invalid or expired tokens
  • Insufficient permissions
  • Malformed GraphQL queries
  • Validation errors in input data

Error Response Format

Error responses follow this structure:

Error Response Format Copied! 
{
  "errors": [
    {
      "message": "Error description",
      "extensions": {
        "code": "ERROR_CODE",
        "status": 400
      }
    }
  ]
}

Note: Always check the status and error fields in your response to handle errors gracefully in your application.