# Overview

The GraphQL API provides full access to the TokenBot platform, including authentication, user management, and admin operations.

## Endpoints

| Environment | URL                                        |
| ----------- | ------------------------------------------ |
| Production  | `https://gql-api.tokenbot.com/graphql`     |
| Development | `https://gql-api-dev.tokenbot.com/graphql` |

## Authentication

The GraphQL API uses AWS AppSync with two auth modes:

1. **Cognito User Pools** — For authenticated user operations. Pass the access token from `login` in the `Authorization` header.
2. **API Key** — For public operations (register, login, forgot\_password). Pass via `x-api-key` header.

## Making Requests

```bash
curl -X POST https://gql-api.tokenbot.com/graphql \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query { me { success data { id email } } }"
  }'
```

## Response Format

Most operations return a typed response with `success`, `data`, and optional `error`:

```json
{
  "data": {
    "me": {
      "success": true,
      "data": {
        "id": "user_123",
        "email": "user@example.com"
      }
    }
  }
}
```

## Documentation

* [Queries](https://docs.tokenbot.com/home/api-docs/graphql-api/queries) — All query operations
* [Mutations](https://docs.tokenbot.com/home/api-docs/graphql-api/mutations) — All mutation operations