> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mythic-c2.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

## What is GraphQL?

GraphQL is a query language that allows you, the user, to ask for very specific pieces of information from the database.
Whereas REST might have you hit 3-4 different endpoints to get all the data you need, GraphQL has you construct the query to get it all in one go.

All requests are POST requests to a single endpoint that are then processed by a local [Hasura](https://hasura.io/) docker container.
To determine what it is you're trying to do, GraphQL has a leading action of `query`, `mutation`, or `subscription` in each message.

## Authentication

Authentication is via JSON Web Tokens (JWTs) and Mythic's API tokens. To use a JWT just specify in the headers:

<CodeGroup>
  ```json API Token theme={"system"}
  apitoken: {tokenvalue}
  ```
</CodeGroup>

Despite API Tokens technically having an expiration time listed in the JWT, when used as the `apitoken` Header value, the expiration time isn't checked.
Instead, the value itself is tracked in the Mythic database of `apitoken` to see if it exists, if it's deactivated, or if it's marked as deleted. Since these tokens don't expire, temporarily deactivating it or deleting it is how you remove its access.