MongoDB Realm > GraphQL API
The GraphQL API operates over HTTP, which means that you can access your
exposed data using any HTTP or GraphQL client.
Realm enforces rules for all GraphQL operations, so any GraphQL HTTP request
must include an application user's login credentials or a valid access token.
To authenticate a GraphQL request as an arbitrary logged in user from any
provider, include a valid user access token as a bearer token in the request's
Authorization header:
http.post({ "url" : "https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql" , "headers" : { "Authorization" : "Bearer <Access Token>" }, "body" : '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}' })
curl --location --request POST 'https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql' \ --header 'Authorization: Bearer <Access Token>' \ --header 'Content-Type: application/json' \ --data-raw '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}'
Credential headers are useful for infrequent or test requests. However, we
strongly encourage you to authenticate GraphQL requests using
an Authorization Header from a
client that uses a Realm SDK.
GraphQL requests from a web browser must use an Authorization header to
avoid CORS errors .
To authenticate a GraphQL request as an email/password user, include the user's credentials in the
request's email and password headers:
http.post({ "url" : "https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql" , "headers" : { "email" : "<User's Email Address>" , "password" : "<User's Password>" , }, "body" : '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}' })
curl --location --request POST 'https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql' \ --header 'email: <User's Email Address>' \ --header 'password: <User's Password>' \ --header 'Content-Type: application/json' \ --data-raw '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}'
To authenticate a GraphQL request as an API Key
user, include the user or server API key in the request's apiKey header:
http.post({ "url" : "https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql" , "headers" : { "apiKey" : "<User or Server API Key>" }, "body" : '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}' })
curl --location --request POST 'https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql' \ --header 'apiKey: <User or Server API Key>' \ --header 'Content-Type: application/json' \ --data-raw '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}'
To authenticate a GraphQL request as a custom JWT user, include the JWT string in the request's
jwtTokenString header:
http.post({ "url" : "https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql" , "headers" : { "jwtTokenString" : "<User's JWT Token>" }, "body" : '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}' })
curl --location --request POST 'https://realm.mongodb.com/api/client/v2.0/app/<yourappid-abcde>/graphql' \ --header 'jwtTokenString: <User's JWT Token>' \ --header 'Content-Type: application/json' \ --data-raw '{"query":"query AllMovies {\n movies {\n title\n year\n }\n}"}'
Give Feedback