Here 📚 you will learn about Mojito API Authentication.


For certain GraphQL queries/mutations, you need to set your Authorization HTTP header with your Bearer token to access it. The Bearer token is a JWT. The header must look like Authorization: Bearer <my token>. There are EndUser permissions and Admin permissions that allow access to various queries/mutations. The JWTs used as the Bearer tokens originate from Auth0.


Our system works with most identity access management systems that support OpenID connect including Auth0 and Okta. If you are just getting started, we recommend using Auth0 for our access and user management. User IDs from Auth0 are stored in our database to map to Mojito users, which are mapped to certain actions within our system (ex. bids). We recommended creating and setting up your own Auth0 account. For details, please follow the steps here.

Access Token Retrieval

In order to access certain queries and mutations, the GraphQL client connecting to the Mojito API must set the Authorization HTTP header with a Bearer token, which is a JWT generated by Auth0. Depending on your user’s role within the Mojito system, you may access certain user, marketplace, and admin queries and mutations.

HTTP Authorization Header

In order to set an authorization header, set the header below via your client.

Authorization: Bearer <jwt token from Auth0>


Right now, if there is a need to access Admin queries and mutations, ask someone with user data access to upgrade your user’s role to Admin for the organization you want to administer.