I have a locally-hosted instance of Magento and am testing out the GraphQL capabilities using postman.
I understand that I need to pass the access token via the Authorization header as a bearer token.
However, when I create a query in postman, the api always returns data whether I pass the authorization header or not. For instance,
query Categories {
categories(filters: { parent_id: { eq: "2" } }) {
items {
id
name
path
}
}
}
Is it because the category entity type does not need authorization? If that is the case then is there a list of which types do require authorization?
Additionally, I have been unable to return an example product when I would expect to be able to, for instance:
query Products {
products(filter: { sku: { eq: "24-MB01" } }) {
total_count
}
}
Is it likely that that is because that query does require authorization which is not working for whatever reason?
tl;dr – how do test whether authorization is working and being passed correctly?
thanks 🙂