Skip to main content

Authentication

An unauthenticated user can use only a handful of public mutations and queries. To gain more access, session token needs to be created and used.

Creating API user key​

To generate API user key you can do that at Analytics Hub or after logging into API you can use GraphQL API.

mutation GenerateUserKey {
  createUserKey {
    id
    secret
  }
}

Try in explorer

Obtain session token using API user key and secret token​

mutation LoginWithUserKey($secret: String!, $userKeyId: ObjectID!) {
  createSessionUsingUserKey(input: { userKeyId: $userKeyId, secret: $secret }) {
    token
  }
}

Try in explorer

Using session token​

After signing in you will receive session token that will be valid for 30 days. To authenticate requests to the API send session token in HTTP header x-auth-token value.

curl -H "x-auth-token: <session token>" -XPOST https://api.lumar.io/graphql -H "Content-Type: application/json" --data-raw '{"query": "{version}"}'

Passing invalid session token will result in 401 error.