search

pageballoon / headstart

Decoupled GraphQL-driven content management using OctoberCMS
https://octobercms.com/plugin/nocio-headstart
MIT License
7 stars 2 forks source link

How to make my api endpoint secure with a token? #7

Closed MichaelBrauner closed 4 years ago

MichaelBrauner commented 4 years ago

I want to build a gatsby site with octobercms and headstart. But when I do mutations, I have to secure the endpoint in some way?

How is the approach to this?

frthjf commented 4 years ago

Hi @Slowwie, You can install Headstart's JWTAuth template that provides the Schema for this OctoberCMS JWT plugin (make sure to install it first). This handles cookie based JWT authentication and provides an authentication middleware.

You can then protect any of your endpoints (Mutation or Query) using that middleware, for example:

extend type Mutation @middleware(checks: ["auth:api"]) {
    test: Int!
}

You are of course free to use other middleware / authentication providers.

Hope that helps.

MichaelBrauner commented 4 years ago

Ok, that sounds great. I will give it a try.