0
0
GraphqlHow-ToBeginner · 4 min read

How to Pass Token in GraphQL Request: Simple Guide

To pass a token in a GraphQL request, include it in the HTTP headers, typically using the Authorization header with a value like Bearer YOUR_TOKEN. This allows the server to authenticate the request securely.
📐

Syntax

When sending a GraphQL request, the token is usually passed in the HTTP headers. The common header used is Authorization. The value often starts with Bearer followed by a space and then the token string.

This looks like:

  • Authorization: The header key where the token is sent.
  • Bearer YOUR_TOKEN: The value format where YOUR_TOKEN is your actual token.
http
Authorization: Bearer YOUR_TOKEN
💻

Example

This example shows how to send a GraphQL query with a token using JavaScript's fetch API. The token is added in the Authorization header to authenticate the request.

javascript
const query = `
  query GetUserData {
    user {
      id
      name
    }
  }
`;

const token = 'your_token_here';

fetch('https://example.com/graphql', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${token}`
  },
  body: JSON.stringify({ query })
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Output
{ "data": { "user": { "id": "123", "name": "Alice" } } }
⚠️

Common Pitfalls

Common mistakes when passing tokens in GraphQL requests include:

  • Not including the Authorization header at all.
  • Forgetting the Bearer prefix before the token.
  • Sending the token in the request body instead of headers.
  • Using an expired or invalid token.

Always check your token format and header placement.

javascript
/* Wrong way: token in body (won't authenticate) */
fetch('https://example.com/graphql', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    query: '{ user { id name } }',
    token: 'your_token_here'
  })
});

/* Right way: token in Authorization header */
fetch('https://example.com/graphql', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer your_token_here'
  },
  body: JSON.stringify({ query: '{ user { id name } }' })
});
📊

Quick Reference

StepWhat to DoExample
1Add Authorization headerAuthorization: Bearer YOUR_TOKEN
2Set Content-Type headerContent-Type: application/json
3Send GraphQL query in body{"query": "{ user { id name } }"}
4Use fetch or HTTP clientfetch(url, { headers, body })

Key Takeaways

Always pass the token in the HTTP Authorization header using the Bearer scheme.
Do not send tokens inside the GraphQL query or variables; use headers instead.
Ensure the token is valid and not expired to avoid authentication errors.
Set Content-Type to application/json when sending GraphQL requests.
Use your HTTP client’s header options to include the token securely.

Related by keyword

How to Pass Arguments in GraphQL Query: Simple GuideQuery BasicsHow to Make a GraphQL Request: Syntax and ExampleGetting StartedHow to Query Specific Fields in GraphQL: Simple GuideQuery BasicsHow to Use Multiple Queries in One Request in GraphQLQuery BasicsHow to Use Variables in GraphQL Query: Simple GuideQuery Basics

Up next

What Is Error Format in GraphQL: Explanation and ExampleError Masking in GraphQL: What It Is and How It WorksHow to Batch Requests in GraphQL for Efficient Data FetchingHow to Cache GraphQL Queries Efficiently

More in Auth

Authentication vs Authorization in GraphQL: Key Differences and UsageHow to Add Authentication to GraphQL APIs EasilyField Level Authorization in GraphQL: How to ImplementHow to Implement Role Based Access in GraphQL