Authentication
The GraphQL web API uses Bearer authentication (also called token authentication) as its authentication scheme. This means that in order to access the GraphQL API, you must send your API key in the Authorization header, using the Bearer scheme, when making a request.
The GraphQL web API also supports HTTP Basic Authentication with an API key. You can read more about this in the Authentication article for REST/SOAP.
As of the release of Easit GO 2025.05, the GraphQL web API (and the REST web API) supports authorization with OAuth2 through the Client Credentials Flow, with Microsoft Entra as the identity provider. The overall configuration and authentication flow is as follows:
Configuration at the identity provider
- Register the API to be protected as an application with the identity provider.
- Expose the application as a resource API so that other applications can call it.
- Register the application/integration that will access the API.
Registration in Easit GO
OAuth2 is administered under Admin Center > Integration > OAuth2.
- Register information about the identity provider and resource API by creating a new identity provider.
- Register information about the application/integration that should have permission to call the API by creating a new application permission.
Usage
Once registration is complete, the process works as follows:
- The integration sends a request to the identity provider and receives an access token.
- The integration includes the access token in the HTTP header when calling the Web API.
- The Web API validates the access token by retrieving metadata from the identity provider using the information registered in Easit GO.
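The first two usage steps, sketched in Python as an added example (this is not code from Easit or from this documentation). The environment variable names and the GraphQL URL passed by the caller are placeholders, and sending the OAuth2 access token as `Authorization: Bearer` is an assumption, since the page only says the token goes in the HTTP header.

```python
import json
import os
import urllib.parse
import urllib.request

# Microsoft Entra v2.0 token endpoint; the tenant id is set per deployment.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant, client_id, client_secret, resource_app_id_uri):
    """Step 1: client credentials token request to the identity provider."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # The client credentials flow requests the resource API's ".default" scope.
        "scope": resource_app_id_uri + "/.default",
    }).encode()
    return urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=form, method="POST")


def build_graphql_request(api_url, access_token, query, variables=None):
    """Step 2: GraphQL call that carries the access token in the HTTP header."""
    if not api_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    body = json.dumps({"query": query, "variables": variables or {}}).encode()
    # Assumption: the access token uses the same Bearer scheme as the API key.
    headers = {"Authorization": "Bearer " + access_token, "Content-Type": "application/json"}
    return urllib.request.Request(api_url, data=body, headers=headers, method="POST")


def send_json(request, timeout=10):
    """Send a prepared request and decode the JSON reply (needs network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)


def call_api(api_url, query):
    """Run both steps; the client secret is read from the environment, not from source."""
    # Assumed variable names; use whatever your secret store exposes.
    token_reply = send_json(build_token_request(
        os.environ["ENTRA_TENANT_ID"], os.environ["ENTRA_CLIENT_ID"],
        os.environ["ENTRA_CLIENT_SECRET"], os.environ["ENTRA_RESOURCE_URI"]))
    return send_json(build_graphql_request(api_url, token_reply["access_token"], query))
```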