Authentication

Every API request requires a bearer token. Pass it to the SDK constructor or include it in the Authorization header.

Bearer token

Include your token in the Authorization header on every request. You can find your token under Settings > API Keys.

Bearer token in a request

curl -X POST https://api.graphcompose.io/v1/workflows \
  -H "Authorization: Bearer $GRAPH_COMPOSE_TOKEN" \
  -H "Content-Type: application/json" \
  -d @workflow.json

SDK authentication

The SDK accepts a token in the constructor. You can pass it explicitly or read it from an environment variable.

Authenticate with the SDK

import { GraphCompose } from '@graph-compose/client'

// Option 1: read from environment variable
const graph = new GraphCompose({
  token: process.env.GRAPH_COMPOSE_TOKEN
})

// Option 2: pass directly
const graph = new GraphCompose({
  token: 'your_token_here'
})

Do not expose tokens in client-side code. Use environment variables or a server-side proxy to keep tokens out of the browser.

Best practices

Store tokens in environment variables, not in source code
Never commit tokens to version control
Rotate tokens periodically and when team members leave
Use the dashboard to manage and revoke tokens

Quickstart SDK Libraries