{"id":"graphql-transport-contract","title":"GraphQL transport contract","description":"Connect to the shared GraphQL transport with bearer authentication and tenant scoping, without publishing the full schema or operation inventory.","lastUpdated":"2026-03-23","sections":[{"id":"graphql-transport","title":"POST /graphql · Use the shared GraphQL transport","content":"Route: POST /graphql\nHost: https://api.knogin.com\nAuth: Bearer token\nAudience: External integrators\nStability: Stable\n\nConnect to the GraphQL endpoint with bearer tokens and tenant scoping, while operation bundles remain curated and access-controlled.\n\nIntegration notes:\n- Public documentation covers transport, headers, tenancy, and error handling only.\n- Schema dumps, playground access, introspection guidance, and unpublished operations are excluded from the public contract.\n- Approved partners receive curated operation bundles tied to explicit integration workflows.","codeExamples":[{"language":"bash","code":"curl -X POST https://api.knogin.com/graphql \\\n  -H \"Authorization: Bearer <access-token>\" \\\n  -H \"Content-Type: application/json\" \\\n  -H \"X-Tenant-ID: <tenant-id>\" \\\n  -d '{\n    \"query\": \"<approved GraphQL document>\",\n    \"variables\": {}\n  }'","description":"Request example"},{"language":"json","code":"{\n  \"data\": {\n    \"result\": \"Returned for your approved operation bundle\"\n  }\n}","description":"Response example"}]}],"relatedTopics":["identity-app-registration","oauth-service-tokens","jwks-token-verification","event-delivery-webhooks"],"markdown":"# GraphQL transport contract\n\nConnect to the shared GraphQL transport with bearer authentication and tenant scoping, without publishing the full schema or operation inventory.\n\n## POST /graphql · Use the shared GraphQL transport\n\nRoute: POST /graphql\nHost: https://api.knogin.com\nAuth: Bearer token\nAudience: External integrators\nStability: Stable\n\nConnect to the GraphQL endpoint with bearer tokens and tenant scoping, while operation bundles remain curated and access-controlled.\n\nIntegration notes:\n- Public documentation covers transport, headers, tenancy, and error handling only.\n- Schema dumps, playground access, introspection guidance, and unpublished operations are excluded from the public contract.\n- Approved partners receive curated operation bundles tied to explicit integration workflows.\n\nRequest example\n\n```bash\ncurl -X POST https://api.knogin.com/graphql \\\n  -H \"Authorization: Bearer <access-token>\" \\\n  -H \"Content-Type: application/json\" \\\n  -H \"X-Tenant-ID: <tenant-id>\" \\\n  -d '{\n    \"query\": \"<approved GraphQL document>\",\n    \"variables\": {}\n  }'\n```\n\nResponse example\n\n```json\n{\n  \"data\": {\n    \"result\": \"Returned for your approved operation bundle\"\n  }\n}\n```\n\n## Related Topics\n\n- [Identity and app registration](https://knogin.com/api/docs/identity-app-registration)\n- [OAuth and service tokens](https://knogin.com/api/docs/oauth-service-tokens)\n- [JWKS and token verification](https://knogin.com/api/docs/jwks-token-verification)\n- [Event delivery and webhooks](https://knogin.com/api/docs/event-delivery-webhooks)","metadata":{"readingTime":"2 min","difficulty":"intermediate","tags":["integrations","api","oauth","webhooks","graphql"]}}