Authentication
GraphQL API requires to be authenticated in order to process requests.
In order to obtain access to API resources, an API key is required to be sent along with the appropriate GraphQL query as an HTTP header - X-API-KEY
.
Keys can be created in Ergonode System Settings in the API keys tab.
Mutations
By default, the API key grants you access to queries, meaning you can only read data. If mutations(write) access is required you need to specify write access on key creation.
Limiting products catalog with segments
A regular API key provides you with access to the entire product catalog. It is also possible to limit that by assigning a segment while creating the key. If assigned the consumer will only have access to the products available in the specific segment. This also means that, if write access is granted, you'll be able only to modify the data of products available within the segment.
The only exception from that is when the product is created in batch request with further mutations - though possibly not yet part of the segment since you are the creator of it you can modify its data within this request.
API keys, due to security reasons, cannot be changed. If you require a different key just generate a new one in Ergonode settings.
Segment recalculation is an asynchronous process, therefore, sending mutations in separate requests(create and then update) can fail on update - access can not yet be granted.
The best approach for keys assigned to the segment is to create and update the product in batch mutation.
Last updated