Authorization tokens
Magento provides separate token services for customers and administrators. When you request a token from one of these services, the service returns a unique access token in exchange for the username and password for a Magento account.
Magento GraphQL provides a mutation that returns a token on behalf of a logged-in customer. You must use a REST call to fetch an admin token. Use this token in the Authorization request header field for any queries and mutations. See Request headers.
Customer tokens
The generateCustomerToken mutation requires the customer email address and password in the payload, as shown in the following example:
Request:
mutation {
  generateCustomerToken(email: "customer@example.com", password: "password") {
    token
  }
}
Response:
{
  "data": {
    "generateCustomerToken": {
      "token": "hoyz7k697ubv5hcpq92yrtx39i7x10um"
    }
  }
}
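The following Python example is added here and is not part of the Magento documentation. It sends generateCustomerToken with GraphQL variables so the password never becomes part of the query text, rejects error responses, and builds the Authorization header for later requests. The store URL, the function names, and the use of the Bearer scheme in the header are assumptions of this example.

```python
import json
import urllib.request

# GraphQL variables keep the credentials out of the query text, so quotes or
# backslashes in a password cannot change the shape of the mutation.
MUTATION = """
mutation ($email: String!, $password: String!) {
  generateCustomerToken(email: $email, password: $password) { token }
}
"""

def build_token_request(email, password):
    """Return the JSON body for the generateCustomerToken mutation."""
    return json.dumps({"query": MUTATION,
                       "variables": {"email": email, "password": password}})

def extract_token(response_text):
    """Return the token from a GraphQL response, or raise if none was issued."""
    body = json.loads(response_text)
    if body.get("errors"):
        # Surface the server message only; never echo the submitted password.
        raise PermissionError(body["errors"][0].get("message", "token request failed"))
    token = ((body.get("data") or {}).get("generateCustomerToken") or {}).get("token")
    if not isinstance(token, str) or not token:
        raise ValueError("response did not contain a token")
    return token

def auth_headers(token):
    """Headers for later queries and mutations made as this customer."""
    return {"Content-Type": "application/json", "Authorization": "Bearer " + token}

def redact(headers):
    """Copy of the headers that is safe to write to a log."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v) for k, v in headers.items()}

def fetch_customer_token(graphql_url, email, password):
    """POST the mutation to graphql_url (hypothetical, e.g. https://<store>/graphql)."""
    if not graphql_url.startswith("https://"):
        raise ValueError("credentials must only be sent over HTTPS")
    req = urllib.request.Request(graphql_url, data=build_token_request(email, password).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_token(resp.read().decode())

if __name__ == "__main__":
    # Constructed sample input: the response body shown on this page.
    sample = '{"data": {"generateCustomerToken": {"token": "hoyz7k697ubv5hcpq92yrtx39i7x10um"}}}'
    print(redact(auth_headers(extract_token(sample))))
```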
Admin tokens
In Magento GraphQL, you specify an admin token only if you need to query products, categories, price rules, or other entities that are scheduled to be in a campaign (staged content). Staging is supported in Magento Commerce only. See Staging queries for more information.
Magento does not provide a GraphQL mutation that generates an admin token. You must use the GET /V1/integration/admin/token REST endpoint instead. Generate the admin token shows how to use this endpoint.