_using-the-graphql-api-auth.md

File metadata and controls

267 lines (206 loc) · 7.85 KB

## Using the GraphQL API

The schema that specifies the API operations of your GraphQL server is defined in `./schema.graphql`. Below are a number of operations that you can send to the API using the GraphQL Playground.

Feel free to adjust any operation by adding or removing fields. The GraphQL Playground helps you with its auto-completion and query validation features.

### Retrieve all published posts and their authors

```graphql
query {
  feed {
    id
    title
    content
    published
    author {
      id
      name
      email
    }
  }
}
```

### Register a new user

You can send the following mutation in the Playground to sign up a new user and retrieve an authentication token for them:

```graphql
mutation {
  signup(name: "Sarah", email: "[email protected]", password: "HelloWorld42") {
    token
  }
}
```

### Log in an existing user

This mutation will log in an existing user by requesting a new authentication token for them.

```graphql
mutation {
  login(email: "[email protected]", password: "HelloWorld42") {
    token
  }
}
```

If you seeded the database with sample data in step 2 of this README, you can also use the following email and password combinations (from `prisma/seed.ts`) for the `login` mutation:

| Email | Password |
| --- | --- |
| [email protected] | myPassword42 |
| [email protected] | random42 |
| [email protected] | iLikeTurtles42 |

### Check whether a user is currently logged in with the `me` query

For this query, you need to make sure a valid authentication token is sent along with the `Bearer` prefix in the `Authorization` header of the request:

```json
{
  "Authorization": "Bearer __YOUR_TOKEN__"
}
```

With a real token, this looks similar to this:

```json
{
  "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJjanAydHJyczFmczE1MGEwM3kxaWl6c285IiwiaWF0IjoxNTQzNTA5NjY1fQ.Vx6ad6DuXA0FSQVyaIngOHYVzjKwbwq45flQslnqX04"
}
```

Inside the Playground, you can set HTTP headers in the bottom-left corner:

Once you've set the header, you can send the following query to check whether the token is valid:

```graphql
{
  me {
    id
    name
    email
  }
}
```

### Create a new draft

You need to be logged in for this mutation to work, i.e. an authentication token that was retrieved through a `signup` or `login` mutation needs to be added to the `Authorization` header in the GraphQL Playground.

```graphql
mutation {
  createDraft(
    data: {
      title: "Join the Prisma Discord"
      content: "https://pris.ly/discord"
    }
  ) {
    id
    published
  }
}
```

### Publish an existing post

You need to be logged in for this mutation to work, i.e. an authentication token that was retrieved through a `signup` or `login` mutation needs to be added to the `Authorization` header in the GraphQL Playground. The authentication token must belong to the user who created the post.

```graphql
mutation {
  togglePublishPost(id: __POST_ID__) {
    id
    published
  }
}
```

Note that you need to replace the `__POST_ID__` placeholder with an actual id from a `Post` record in the database, e.g. `5`:

```graphql
mutation {
  togglePublishPost(id: 5) {
    id
    published
  }
}
```

### Search for posts with a specific title or content

```graphql
{
  feed(
    searchString: "prisma"
  ) {
    id
    title
    content
    published
  }
}
```

### Retrieve a single post

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a `signup` or `login` mutation needs to be added to the `Authorization` header in the GraphQL Playground.

```graphql
{
  postById(id: __POST_ID__) {
    id
    title
    content
    published
  }
}
```

Note that you need to replace the `__POST_ID__` placeholder with an actual id from a `Post` record in the database, e.g. `5`:

```graphql
{
  postById(id: 5) {
    id
    title
    content
    published
  }
}
```

### Delete a post

You need to be logged in for this mutation to work, i.e. an authentication token that was retrieved through a `signup` or `login` mutation needs to be added to the `Authorization` header in the GraphQL Playground. The authentication token must belong to the user who created the post.

```graphql
mutation {
  deletePost(id: __POST_ID__) {
    id
  }
}
```

Note that you need to replace the `__POST_ID__` placeholder with an actual id from a `Post` record in the database, e.g. `5`:

```graphql
mutation {
  deletePost(id: 5) {
    id
  }
}
```

### Retrieve the drafts of a user

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a `signup` or `login` mutation needs to be added to the `Authorization` header in the GraphQL Playground.

```graphql
{
  draftsByUser(
    userUniqueInput: {
      email: "[email protected]"
    }
  ) {
    id
    title
    content
    published
    author {
      id
      name
      email
    }
  }
}
```

## Authenticating GraphQL requests

In this example, you authenticate your GraphQL requests using the `Authorization` header field of the HTTP requests that clients send to your GraphQL server. The required authentication token is returned by successful `signup` and `login` mutations.

Using the GraphQL Playground, the `Authorization` header can be configured in the **HTTP HEADERS** tab in the bottom-left corner of the GraphQL Playground. The values for the HTTP headers are defined in JSON format. Note that the authentication token needs to be sent with the `Bearer` prefix:

```json
{
  "Authorization": "Bearer __YOUR_TOKEN__"
}
```

With a "real" authentication token, it looks similar to this:

```json
{
  "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJjanAydHJyczFmczE1MGEwM3kxaWl6c285IiwiaWF0IjoxNTQzNTA5NjY1fQ.Vx6ad6DuXA0FSQVyaIngOHYVzjKwbwq45flQslnqX04"
}
```

As mentioned before, you can set HTTP headers in the bottom-left corner of the GraphQL Playground:
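What the server side of this header looks like, as an added example that is not code from the Prisma example project: extract the token from `Authorization: Bearer <token>`, verify its HS256 signature before trusting any claim, and read the `userId` claim (the sample token above decodes to a header of `{"alg":"HS256","typ":"JWT"}` and a payload carrying `userId` and `iat`). The `APP_SECRET` name, the demo user id and the sample token are assumptions constructed for this example; a real server loads its secret from the environment.

```typescript
// Added example, not code from the Prisma example project. Demonstrates how a
// server turns the "Authorization: Bearer <token>" header into a user id:
// extract the token, verify the HS256 signature, then read the userId claim.
// APP_SECRET, the user id and the sample token below are constructed for this demo.
import { createHmac, timingSafeEqual } from "crypto";

const APP_SECRET = "demo-secret-replace-me"; // assumed name; load from the environment in practice

function b64urlEncode(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function b64urlDecode(s: string): Buffer {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// Produce a header.payload.signature token. Used here only to build sample
// input; in the project this is what the signup/login mutations do server-side.
export function signToken(payload: Record<string, unknown>, secret: string): string {
  const header = b64urlEncode(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64urlEncode(Buffer.from(JSON.stringify(payload)));
  const sig = b64urlEncode(createHmac("sha256", secret).update(`${header}.${body}`).digest());
  return `${header}.${body}.${sig}`;
}

// Accept only "Bearer <token>"; a missing header, another scheme or trailing
// junk yields null, so the request is treated as unauthenticated.
export function extractBearerToken(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authorization.trim());
  return m ? m[1] : null;
}

// Verify the signature before reading any claim. Returns { userId } or null.
export function verifyToken(token: string, secret: string): { userId: string } | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;

  let alg: unknown;
  try {
    alg = JSON.parse(b64urlDecode(header).toString("utf8")).alg;
  } catch {
    return null;
  }
  if (alg !== "HS256") return null; // pin the algorithm; the token must not choose how it is checked

  const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = b64urlDecode(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  try {
    const payload = JSON.parse(b64urlDecode(body).toString("utf8"));
    return payload && typeof payload.userId === "string" ? { userId: payload.userId } : null;
  } catch {
    return null;
  }
}

// What a resolver context builder does with the raw header value.
export function userIdFromHeader(authorization: string | undefined, secret: string = APP_SECRET): string | null {
  const token = extractBearerToken(authorization);
  if (token === null) return null;
  const claims = verifyToken(token, secret);
  return claims ? claims.userId : null;
}

// Constructed sample token for a made-up user id (same shape as the README's token).
export const SAMPLE_TOKEN = signToken({ userId: "user_demo_1", iat: 1543509665 }, APP_SECRET);
```

The order matters: the signature is checked with a constant-time comparison before the payload is parsed, and the algorithm is pinned to HS256 rather than read from the token, so an unsigned or differently signed token never yields a `userId`. Whatever `userIdFromHeader` returns is what the authorization rules in the next section see as the current user.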

## Authorization rules

The following authorization rules are defined for the GraphQL API via GraphQL Shield:

| Operation name | Operation type | Rule | Description |
| --- | --- | --- | --- |
| `me` | Query | `isAuthenticatedUser` | Requires a user to be authenticated |
| `draftsByUser` | Query | `isAuthenticatedUser` | Requires a user to be authenticated |
| `postById` | Query | `isAuthenticatedUser` | Requires a user to be authenticated |
| `createDraft` | Mutation | `isAuthenticatedUser` | Requires a user to be authenticated |
| `deletePost` | Mutation | `isPostOwner` | Requires the authenticated user to be the author of the post to be deleted |
| `incrementPostViewCount` | Mutation | `isAuthenticatedUser` | Requires a user to be authenticated |
| `togglePublishPost` | Mutation | `isPostOwner` | Requires the authenticated user to be the author of the post to be published/unpublished |

The `isAuthenticatedUser` rule requires you to send a valid authentication token. The `isPostOwner` rule additionally requires the user to whom this authentication token belongs to be the author of the post on which the operation is applied.