In the Comet API, ensuring secure access to resources is of utmost importance. The API provides mechanisms for both authentication and authorization using API keys and JWT tokens.

Using API Keys

API keys are a simple and effective way to authenticate requests. You can pass the API key as a header for each request:

x-api-key: YOUR_API_KEY

JWT Tokens

For more extended sessions or scenarios where you don’t want to send the API key with every request, you can opt for JWT tokens. First, you need to request a JWT token using the tokenCreate API:

mutation {
	tokenCreate(input: { authType: API_KEY, auth: { apiKey: "YOUR_API_KEY" } }) {
		token
	}
}

Once you have the JWT token, include it in subsequent requests in the Authorization header:

Authorization: Bearer YOUR_JWT_TOKEN