Here 📚 you will learn about Mojito API Authentication.
Authentication
For certain GraphQL queries/mutations, you need to set your Authorization HTTP header with your Bearer token to access them. The Bearer token is a JWT. The header must look like Authorization: Bearer <my token>. There are EndUser permissions and Admin permissions that allow access to various queries/mutations. The JWTs used as the Bearer tokens originate from Auth0.
Auth0
Our system works with most identity access management systems that support OpenID Connect, including Auth0 and Okta. If you are just getting started, we recommend using Auth0 for our access and user management. User IDs from Auth0 are stored in our database to map to Mojito users, which are mapped to certain actions within our system (e.g. bids). We recommend creating and setting up your own Auth0 account. For details, please follow the steps here.
Access Token Retrieval
In order to access certain queries and mutations, the GraphQL client connecting to the Mojito API must set the Authorization HTTP header with a Bearer token, which is a JWT generated by Auth0. Depending on your user’s role within the Mojito system, you may access certain user, marketplace, and admin queries and mutations.
HTTP Authorization Header
In order to set an authorization header, set the header below via your client.
Authorization: Bearer <jwt token from Auth0>
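One way a Node.js client could attach this header to a GraphQL request, shown as an added example rather than Mojito's own code. The endpoint URL, the function names and the sample token are assumptions made for illustration; the local payload decode only catches malformed or expired tokens before sending and does not verify the signature, which remains the server's job.

```javascript
// Added example, not Mojito's code. ENDPOINT is a placeholder, not the real API URL.
const ENDPOINT = "https://api.example.invalid/query";

// Decode the JWT payload for local sanity checks only.
// This does NOT verify the signature; the API server must do that.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("token is not a compact JWT (expected three base64url segments)");
  }
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Build fetch() options carrying the header in the form the page specifies:
//   Authorization: Bearer <jwt token from Auth0>
function buildGraphQLRequest(token, query, variables = {}, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    // Fail early instead of sending a token the server will reject.
    throw new Error("access token expired; obtain a new one from the identity provider");
  }
  return {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${token}`,
    },
    body: JSON.stringify({ query, variables }),
  };
}

// Constructed sample token with a fake signature, for demonstration only.
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return [enc({ alg: "RS256", typ: "JWT" }), enc({ sub: "auth0|constructed-user", exp }), "c2lnbmF0dXJl"].join(".");
}

// Send the query. Error text deliberately omits the token so it never reaches logs.
async function runQuery(token, query, variables) {
  const res = await fetch(ENDPOINT, buildGraphQLRequest(token, query, variables));
  if (!res.ok) {
    throw new Error(`GraphQL request failed with HTTP ${res.status}`);
  }
  return res.json();
}
```
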
Roles
Right now, if there is a need to access Admin queries and mutations, ask someone with user data access to upgrade your user’s role to Admin for the organization you want to administer.