Connecting Remotely

You might sometimes need to connect to your GraphQL endpoint (typically accessible at from outside your app.


You can make authorized requests to your GraphQL endpoint by defining an arbitrary vulcan.apiKey setting in your settings.json file (make sure to keep it private by keeping it out of the public block), and then including an apikey header whose value matches that API key:

"vulcan": {
"apiKey": "123foo"

Any request made with that header will automatically be granted admin privileges.

Authenticating as a User

Another way to perform remote API queries and mutations with special privilages is to emulate one of your app’s users. You can do so by reusing their authorization token.

To figure out the token, log in as the user you want to emulate and inspect any graphql request using your devtools’ Network tab. In the Headers tab, locate the Authorization field of the Request Headers group and make a note of its value.

This is the header and token you’ll need to set when making your API call to the GraphQL endpoint. You can test it using a tool such as GraphQL Playground

In GraphQL Playground, select the “HTTP Headers” tab and type in (replacing the value with your own token):

{ "Authorization": "JKdsfahyvfHvsdf234s59pNbHGH7Z2fadsdrfCmR8WimItX" }

GraphQL Clients

You can send your GraphQL request as a plain text string (inspect the Request Payload object in your devtools’ Network tab to see what that looks like) or you can use a GraphQL client to perform the request.

Here are a few options:

Edit on GitHub