User Mutations
Mutations for managing users.
createUser
Creates a new user account.
Arguments
```graphql
"""
Input for creating a new user.
"""
input CreateUserInput {
  """
  User's full name.
  """
  name: String!

  """
  User's email address.
  """
  email: String!

  """
  User's password.
  """
  password: String!

  """
  Optional list of client IDs to grant access to.
  """
  client_list: [Int!]
}
```
Example Mutation
```graphql
mutation CreateUser {
  createUser(
    name: "John Doe"
    email: "john@example.com"
    password: "secure_password"
    client_list: [123, 456]
  ) {
    id
    name
    email
    client_list
  }
}
```
login
Authenticates a user and returns a JWT token.
Arguments
```graphql
"""
Input for user login.
"""
input LoginInput {
  """
  User's email address.
  """
  email: String!

  """
  User's password.
  """
  password: String!
}
```
Response
```graphql
"""
Response containing JWT token.
"""
type AuthResponse {
  """
  JWT token for authentication.
  """
  token: String!
}
```
Example Mutation
```graphql
mutation Login {
  login(email: "john@example.com", password: "secure_password") {
    token
  }
}
```
Error Handling
Common Errors
| Error Code | Description |
|---|---|
| INVALID_EMAIL | Invalid email format |
| INVALID_PASSWORD | Password requirements not met |
| EMAIL_EXISTS | Email already registered |
| INVALID_CREDENTIALS | Wrong email or password |
Example Error Response
```json
{
  "errors": [
    {
      "message": "Invalid email format",
      "extensions": {
        "code": "INVALID_EMAIL",
        "email": "invalid-email"
      }
    }
  ]
}
```
Best Practices
- Password Security
  - Enforce strong passwords
  - Hash passwords securely
  - Never store plain text
- Email Validation
  - Validate email format
  - Check for duplicates
  - Consider verification
- Client Access
  - Validate client IDs
  - Check permissions
  - Maintain access logs
- Security
  - Rate limit login attempts
  - Log authentication failures
  - Implement session management
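The sketch below is an added example, not this API's own implementation, showing the login-side practices together: salted password hashing, a single `INVALID_CREDENTIALS` answer for both an unknown email and a wrong password, failure logging, and per-email throttling. The `LoginService` class, the `RATE_LIMITED` code, the limits and the placeholder token are assumptions made for illustration; the in-memory dictionaries stand in for a database.

```python
import hashlib, hmac, os, time

# Assumed limits for this sketch; tune them for the deployment.
MAX_FAILURES, WINDOW_SECONDS, ITERATIONS = 5, 300, 600_000

def hash_password(password: str) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest; the plain text is never stored."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

# Checked when the email is unknown, so both failure paths do the same work.
_DUMMY = hash_password("placeholder-for-unknown-accounts")

def error(code: str, message: str) -> dict:
    return {"errors": [{"message": message, "extensions": {"code": code}}]}

class LoginService:
    """Hypothetical resolver backend for the login mutation."""
    def __init__(self, users, clock=time.monotonic):
        self.users = users      # email -> stored hash
        self.failures = {}      # email -> timestamps of recent failures
        self.audit_log = []     # (time, email, outcome); passwords are never logged
        self.clock = clock

    def login(self, email: str, password: str) -> dict:
        now = self.clock()
        recent = [t for t in self.failures.get(email, []) if now - t < WINDOW_SECONDS]
        self.failures[email] = recent
        if len(recent) >= MAX_FAILURES:
            self.audit_log.append((now, email, "throttled"))
            return error("RATE_LIMITED", "Too many login attempts")  # hypothetical code
        stored = self.users.get(email)
        # Always run the hash, then reject unknown accounts with the same error.
        ok = verify_password(password, stored or _DUMMY) and stored is not None
        if not ok:
            recent.append(now)
            self.audit_log.append((now, email, "failed"))
            return error("INVALID_CREDENTIALS", "Wrong email or password")
        self.failures.pop(email, None)
        # Constructed placeholder; issuing the real JWT is outside this sketch.
        return {"data": {"login": {"token": "CONSTRUCTED.PLACEHOLDER.TOKEN"}}}
```

Throttling by email alone lets anyone lock a known address out for the window, so production limits are usually also keyed on the client address and the failure map is bounded or moved to a shared store.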