The 1o GraphQL API is available at https://playground.1o.io/graphql.
In order to access non-public resources, requests must be authenticated using PASETO tokens.
When generating a token you must satisfy the following requirements:
v2 version.local purpose.exp (Expiration) key and an iat (Issued At) key. For example:
{"exp": "2022-01-23T23:50:07Z", "iat": "2022-01-23T23:45:07Z"}
The above payload specifies that the token was issued on Jan 23rd, 2022 at 23:45 UTC and will expire on the same date at 23:50 UTC. Tokens are short-lived, so set the time to 5 minutes in the future (like in the example) or another reasonably short window.kid key, for example: {"kid": "KEY_ID"} where KEY_ID is the API key ID you received from 1o.To generate your first token, follow this guide:
A token generated as described above must be passed as a bearer token in the Authorization HTTP header when making the request:
Authorization: Bearer YOUR_GENERATED_TOKEN
When the header is correctly set you should be allowed to make authenticated GraphQL requests. Here is an example request to access an order (select the fields that you actually need):
query Example {
order(id: "008aef35-d31b-4340-a0ee-b25a3718a672") {
id
lineItems {
id
product {
id
title
price
}
}
}