Authentication

There are three authentication methods available to the Mindful APIs:

1. "Magic Link" user authentication

2. "M2M" machine authentication

3. "Company" scope-limited anonymous authentication

Most use cases will use standard user authentication.

"Magic Link" User Authentication

A user authentication token can be retrieved by:

Executing the sendUserLoginLink mutation on the User API. If a Mindful user exists for the supplied email address, they will receive an email with a "magic link" (containing a temporary authentication JWT in the token parameter).

POST /user HTTP/1.1
Content-Type: application/json
Host: graphql.mindfulcms.com

{"query":"mutation { sendUserLoginLink(email: \"foo@bar.baz\")"}

Executing the loginUserFromLink mutation on the User API while supplying the token from the email. This is exchanged for a longer-lived (7 days) authentication token, which you will send with subsequent requests.

POST /user HTTP/1.1
Content-Type: application/json
Host: graphql.mindfulcms.com

{"query":"mutation { loginUserFromLink (loginLinkToken: \"<token-from-magic-link>\") { value }"}

When sending a request with user authentication, send the token using Bearer authentication:

POST /user HTTP/1.1
Content-Type: application/json
X-Namespace: contoso/default
Authorization: Bearer <new-user-token>
Host: graphql.mindfulcms.com
Content-Length: 198

{"query":"query { currentUser { _id email { address } }"}

"M2M" Machine Authentication

A permanent variant of a user authentication, for use in automated processes that need authentication (such as retrieving analytics, or inserting/updating data.)

"Company" Authentication

"Company" authentication allows for anonymous visitors to access sensitive data (such as advertising metrics), but only limited in scope to specific Advertising Companies.

These tokens are generated automatically within the Mindful UI, or they can be generated manually with the Utility API's createAdvertisingCompanyAccessToken mutation.