What is GraphQL?
GraphQL is a query language that allows you, the user, to ask for very specific pieces of information from the database. Whereas REST might have you hit 3-4 different endpoints to get all the data you need, GraphQL has you construct the query to get it all in one go. All requests are POST requests to a single endpoint that are then processed by a local Hasura Docker container. To determine what it is you’re trying to do, GraphQL has a leading action of query, mutation, or subscription in each message.
Authentication
Authentication is via JSON Web Tokens (JWTs) and Mythic’s API tokens. To use a JWT just specify in the headers:apitoken
Header value, the expiration time isn’t checked.
Instead, the value itself is tracked in the Mythic database of apitoken to see if it exists, if it’s deactivated, or if it’s marked as deleted. Since these tokens don’t expire, temporarily deactivating it or deleting it is how you remove its access.
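The token check described above can be modelled as follows. This is an added example, not Mythic's own code: the table columns (token_value, active, deleted), the function names and the JWT-shaped sample token with an exp claim in the past are all assumptions made for illustration.

```python
import base64, json, sqlite3, time

def sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "constructed-sig"])

def exp_claim(token):
    """Read the exp claim without verifying anything (inspection only)."""
    body = token.split(".")[1]
    body += "=" * (-len(body) % 4)          # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(body)).get("exp")

def open_store():
    # Hypothetical schema: one row per issued API token.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE apitoken (token_value TEXT PRIMARY KEY,"
               " active INTEGER NOT NULL, deleted INTEGER NOT NULL)")
    return db

def check_apitoken(db, token):
    """Decide on stored state only; the token's exp claim is never consulted."""
    row = db.execute("SELECT active, deleted FROM apitoken WHERE token_value = ?",
                     (token,)).fetchone()
    if row is None:
        return "rejected: unknown"
    active, deleted = row
    if deleted:
        return "rejected: deleted"
    if not active:
        return "rejected: deactivated"
    return "accepted"

def demo():
    db = open_store()
    # Constructed sample: exp is one day in the past.
    token = sample_token({"user_id": 1, "exp": int(time.time()) - 86400})
    db.execute("INSERT INTO apitoken VALUES (?, 1, 0)", (token,))
    out = {"exp_in_past": exp_claim(token) < time.time(),
           "active": check_apitoken(db, token)}
    db.execute("UPDATE apitoken SET active = 0 WHERE token_value = ?", (token,))
    out["deactivated"] = check_apitoken(db, token)
    db.execute("UPDATE apitoken SET active = 1 WHERE token_value = ?", (token,))
    out["reactivated"] = check_apitoken(db, token)
    db.execute("UPDATE apitoken SET deleted = 1 WHERE token_value = ?", (token,))
    out["deleted"] = check_apitoken(db, token)
    out["never_issued"] = check_apitoken(db, sample_token({"user_id": 2}))
    return out

if __name__ == "__main__":
    print(demo())
```

Because the stored state is the only gate, a token keeps working until someone deactivates or deletes it, so periodic review of active tokens takes the place of expiry.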