---
title: Authentication
layour: layout.html
---

# Authentication

To communicate with the Wonderflow API, you will need an OAuth token.

In order to create a token, you need to log in to the Wonderflow API, by executin the GraphQL mutation `login`.

**Example request**

```
POST https://graphql.wonderflow.co/

mutation login {
  login(email: "progra-1@customer.com", password: "TEST") {
    token
    user {
      role
      scope
      email
      company {
        name
      }
      created
    }
  }
}
```

If the email and password are correct, then you will receive the token in the response.

**Example response**

```
{
  "data": {
    "login": {
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6IlNVUEVSQURNSU4iLCJpYXQiOjE1MDA3NjU1NDMsImV4cCI6MTUwMTM3MDM0M30.Xmq7LUXEImoOUSxS3tbyPOKKIv7Kgk46Ucrs1EKUiPA",
      "user": {
        "role": "user",
        "email": "progra-1@customer.com",
        "created": "2017-07-21T09:48:22.073Z"
      }
    }
  }
}
```



You can now use the token to make other requests to access data.

The authentication token is valid for a limited period of time. In case it expires, you will receive an http response with status code 401 (Unauthorized) and you will have to make the authentication step again if you want to continue to use the API.