Obtaining and using an authentication token for GraphQL
In order to perform queries on the Public Content API from a graphical IDE such as GraphiQL, obtain an authentication token from the Content Delivery Token Service (which runs alongside the Discovery Service), then pass that token to GraphiQL in a request header in your requests.
Procedure
- First, consider how long you would like the tokens you receive to stay valid. By default, authentication tokens are valid for 300 seconds (5 minutes). In a production environment, that value serves the system well in terms of security, but in a development environment, you might want to consider increasing that value, in order not to have to request and apply a new token every 5 minutes.
- If you want to increase token expiration time, in the Discovery Service configuration location, open the cd_ambient_conf.xml configuration file for editing. In the
Securitysection, find theAuthenticationsection, which contains aTokenExpireTimechild element. In that element, set theTimeInSecondsattribute to the number of seconds that you would like the token to last before it expires. - Construct a POST request to send to the Token Service. Such a request has the following component parts:
where USER and PASSWORD are valid credentials for a user who has access to the Token Service (the user name defaults to
Part of the POST request Value Request URL host The host on which the Token Service runs. This is the same host as the one used by the Discovery Service. Request URL port The port number for the Token Service. This is the port number as the one used by the Discovery Service, which defaults to 8082 Request URL path and endpoint /token.svcRequest body grant_type=client_credentials&client_id=USER&client_secret=PASSWORDcduser, configured in the Ambient Data Framework configuration file, cd_ambient_conf.xml, of the Discovery Service). - Use a web development tool such as Postman to make this POST request.
- Copy-paste the token from the response you get. The response is in JSON format, and the token is the value of the
access_tokenproperty. - Use a web development tool such as Requestly to create a rule to use this token in a header when visiting certain URLs. In the first part of your rule, ensure the creation of a header called "Authorization" with the value
Bearer TOKEN, where TOKEN is the copy-pasted value of the token. In the second part of your rule, define the pattern for the request URLs to which this header should be added. The pattern should cover all GraphiQL requests, so, for example, you might specify in the rule that this header must be added to all requests for URLs that contain the string/cd/api). - Repeat steps 3-6 as needed whenever your token expires.