POST to the same endpoint, with a JSON
body and a Bearer token. This page covers the request shape, a first request,
variables, and the error model, so you can call any operation in
the rest of these docs once you know how the wire looks.
Request anatomy
A request is one HTTPPOST with a JSON body of two keys, query and
variables, and two headers, Content-Type: application/json and
Authorization: Bearer YOUR_WORKSPACE_TOKEN.
A GraphQL document: one (or more)
query / mutation / fragment definitions.
For a single operation you usually send one operation and omit the operation
name. When you send several operations, give each a name and pass
"operationName" alongside query and variables.A JSON object of values for the operation’s
$variables. Pass complex or
user-supplied values here rather than string-interpolating them into query,
so the GraphQL server validates their types and you avoid injection mistakes.
Omit it (or send {}) for operations that take no arguments.Bearer followed by a workspaceToken from
Authentication. Omit only for @public operations such
as health and the token exchange.application/json. The body is always JSON, never form-encoded.data object (and, on partial failure, an
errors array, see Error responses):
A first request
Start withhealth. It is @public, so it needs no token, and
it confirms the endpoint is reachable.
cURL
me to confirm the token works and see who
you are in the workspace:
cURL
me returns the Me union; with a workspaceToken it resolves to
WorkspaceUser, which carries your role and the workspace you are scoped to
(see me for the full type and User member).
Variables
Pass$variables for any operation that takes arguments, so values are
type-checked by the server instead of string-interpolated. The
workspace.clients field takes a ClientFilters
input, an offset, a limit, and a SortBy. Send the document once with
$variables placeholders, then send the values in the variables JSON object.
cURL
clients for the full ClientFilters input and
tasks for TaskFilters. The same $variable pattern applies
to every mutation in the API, for example createClient(input: $input).
Error responses
On failure the response is JSON with anerrors array. Each entry has at least
a message, and most also carry an extensions object with a code. When the
operation failed before any data could be produced, data is null (or
omitted); when a field resolver fails mid-operation, that field is null in
data and the matching entry is in errors with a path pointing at it.
The two error shapes you will see most often:
Validation error (malformed query)
A query that references a field the type does not have fails GraphQL validation before any resolver runs.data is omitted and errors carries one entry per
invalid field, with extensions.code of GRAPHQL_VALIDATION_FAILED.
cURL
Authentication error (no token)
A resolver that requires a token (everything except@public operations like
health and the token exchange) returns UNAUTHENTICATED for that field. The
field is null in data and errors carries the entry with a path naming
the field.
cURL
The live router may also include a
stacktrace in extensions for server-side
errors. Treat it as debugging detail, not a stable contract: log it for
troubleshooting, but key your retry / surface-error logic off
extensions.code and the path.Reading errors in a client
Handle errors defensively:- Check
errorsfirst. If present, at least part of the operation failed. - When
dataisnull, the whole operation failed; surface the firsterrors[0].message. - When
datais present but a field isnull, look up the matchingpathinerrorsto know which field failed and why. - Branch on
extensions.codefor the common cases:GRAPHQL_VALIDATION_FAILED- your query is wrong; do not retry, fix the document.UNAUTHENTICATED- re-exchange your API key for a freshworkspaceToken(see Authentication) and retry once.- Other codes (for example
INTERNAL_SERVER_ERROR) - safe to retry with backoff.
Next steps
- Authentication - get the
workspaceTokenyou send asBearer. healthandme- the two queries from the first-request example above, documented in full.clientsandtasks- the workspace-scoped resources you reach throughme { ... on WorkspaceUser { workspace { ... } } }.- Uploading documents - the other wire (tus) you use to stage files before attaching them to a client.