Skip to main content

Authentication

An unauthenticated user can use only a handful of public mutations and queries. To gain more access, session token needs to be created and used.

Creating API user key

To generate API user key you can do that at Analytics Hub or after logging into API you can use GraphQL API.

mutation GenerateUserKey {
  createUserKey {
    id
    secret
  }
}

Try in explorer

You can also use Lumar CLI to generate API user key.

Obtain session token using API user key and secret token

mutation LoginWithUserKey($secret: String!, $userKeyId: ObjectID!) {
  createSessionUsingUserKey(input: { userKeyId: $userKeyId, secret: $secret }) {
    token
  }
}

Try in explorer

Using session token

After signing in you will receive session token that will be valid for 30 days. To authenticate requests to the API send session token in HTTP header x-auth-token value.

curl -H "x-auth-token: <session token>" -XPOST https://api.lumar.io/graphql -H "Content-Type: application/json" --data-raw '{"query": "{version}"}'

Passing invalid session token will result in 401 error.