Using your GraphQL API

Add x-api-key: YOUR_API_KEY to the header of the request. For example, with cURL and replacing the UPPERCASE values with those of your own:

Obtain a JWT from your identity provider. Using the JWT, add Authorization: Bearer YOUR_JWT to the headers of the request.

For example, with cURL and replacing the UPPERCASE values with those of your own:

For security reasons, browsers restrict cross-origin requests to servers. This means that by default, if you configure a web app to make a request to your GraphQL APIs from a browser, it will fail. This is because your web app is hosted at a different origin than your GraphQL API.

However, most modern browsers support Cross-Origin Resource Sharing (CORS). This involves the browser sending a "preflight" request to the server to check that it will allow the actual request. You can configure your GraphQL APIs to allow cross-origin requests from your web app by adding it to the list of allowed origins. For example, if you expect requests to be made by a web app hosted at https://example.com, this should be added to the list of allowed origins for your GraphQL API.

Use the aura-cli and the following command, replacing the UPPERCASE values as required:

Allowed origins that are no longer required can be removed with the following command, replacing the UPPERCASE values as required: