Obtaining and using an authentication token for GraphQL

In order to perform queries on the Public Content API from a graphical IDE such as GraphiQL, obtain an authentication token from the Content Delivery Token Service (which runs alongside the Discovery Service), then pass that token to GraphiQL in a request header in your requests.

Procedure

  1. First, consider how long you would like the tokens you receive to stay valid. By default, authentication tokens are valid for 300 seconds (5 minutes). In a production environment, that value serves the system well in terms of security, but in a development environment, you might want to consider increasing that value, in order not to have to request and apply a new token every 5 minutes.
  2. If you want to increase token expiration time, in the Discovery Service configuration location, open the cd_ambient_conf.xml configuration file for editing. In the Security section, find the Authentication section, which contains a TokenExpireTime child element. In that element, set the TimeInSeconds attribute to the number of seconds that you would like the token to last before it expires.
  3. Construct a POST request to send to the Token Service. Such a request has the following component parts:
    Part of the POST requestValue
    Request URL hostThe host on which the Token Service runs. This is the same host as the one used by the Discovery Service.
    Request URL portThe port number for the Token Service. This is the port number as the one used by the Discovery Service, which defaults to 8082
    Request URL path and endpoint/token.svc
    Request bodygrant_type=client_credentials&client_id=USER&client_secret=PASSWORD
    where USER and PASSWORD are valid credentials for a user who has access to the Token Service (the user name defaults to cduser , configured in the Ambient Data Framework configuration file, cd_ambient_conf.xml, of the Discovery Service).
  4. Use a web development tool such as Postman to make this POST request.
  5. Copy-paste the token from the response you get. The response is in JSON format, and the token is the value of the access_token property.
  6. Use a web development tool such as Requestly to create a rule to use this token in a header when visiting certain URLs. In the first part of your rule, ensure the creation of a header called "Authorization" with the value Bearer TOKEN, where TOKEN is the copy-pasted value of the token. In the second part of your rule, define the pattern for the request URLs to which this header should be added. The pattern should cover all GraphiQL requests, so, for example, you might specify in the rule that this header must be added to all requests for URLs that contain the string /cd/api).
  7. Repeat steps 3-6 as needed whenever your token expires.