What is GraphQL?

GraphQL is a query language that lets you, the user, ask for very specific pieces of information from the database. Whereas REST might have you hit 3-4 different endpoints to get all the data you need, GraphQL has you construct a single query to get it all in one go. All requests are POST requests to a single endpoint and are then processed by a local Hasura Docker container. To indicate what you’re trying to do, each GraphQL message begins with a leading action of query, mutation, or subscription.

Authentication

Authentication is via JSON Web Tokens (JWTs) and Mythic’s API tokens. To use a JWT, just specify in the headers:
apitoken: {tokenvalue}
Although API tokens technically have an expiration time listed in the JWT, that expiration time isn’t checked when the token is used as the apitoken header value. Instead, the value itself is checked against the apitoken entries tracked in the Mythic database to see whether it exists, is deactivated, or is marked as deleted. Since these tokens don’t expire, temporarily deactivating a token or deleting it is how you remove its access.
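A defender's audit of the behaviour described above, as an added example that is not Mythic's code: it models the apitoken check as a record-state lookup that ignores `exp`, and lists tokens whose listed expiration has passed but which still grant access. The record fields `name`, `active` and `deleted`, the helper names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(exp):
    """Constructed sample token; the signature segment is a dummy value."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"exp": exp}).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"


def listed_exp(token):
    """Read the exp claim without verifying the signature (audit use only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")


def apitoken_usable(token, records):
    """Model of the check described above: record state only, exp ignored."""
    rec = records.get(token)
    return rec is not None and rec["active"] and not rec["deleted"]


def stale_but_usable(records, now):
    """Names of tokens past their listed exp that still grant access."""
    names = []
    for token, rec in records.items():
        exp = listed_exp(token)
        if apitoken_usable(token, records) and exp is not None and exp < now:
            names.append(rec["name"])
    return sorted(names)


NOW = 1_700_000_000  # fixed clock so the constructed sample is reproducible
DAY = 86400
SAMPLE_RECORDS = {  # hypothetical record layout, keyed by token value
    make_sample_jwt(NOW - DAY): {"name": "ci-script", "active": True, "deleted": False},
    make_sample_jwt(NOW - 30 * DAY): {"name": "old-laptop", "active": False, "deleted": False},
    make_sample_jwt(NOW + 3600): {"name": "fresh", "active": True, "deleted": False},
    make_sample_jwt(NOW - 10): {"name": "removed", "active": True, "deleted": True},
}

if __name__ == "__main__":
    print(stale_but_usable(SAMPLE_RECORDS, NOW))
```

Tokens this audit reports are the ones to deactivate or delete if they are no longer needed, since their listed expiration will not remove their access.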