Basics
The Spiff Commerce GraphQL API can be interacted with via an HTTPS request that has been authenticated.
Requests
URL
The GraphQL API is located at https://api.us.spiffcommerce.com/graphql. (Non-US users will use make requests to the appropriate subdomain instead e.g. users of the AU system will make requests to api.au.spiffcommerce.com)
Method
All GraphQL requests must be POSTs.
Body
A GraphQL request may consist of either:
- One or more queries; or
- One or more mutations, denoted "mutation".
You may not mix queries with mutations in the same request.
Example Queries
{
orders(ids: ["00000000-0000-0000-0000-000000000000"]) {
id
lineItems {
id
}
}
customers(ids: ["00000000-0000-0000-0000-000000000000"]) {
id
emailAddress
firstName
lastName
}
}
Example Mutations
mutation {
transactionUpdate(id: "00000000-0000-0000-0000-000000000000", workflowId: "00000000-0000-0000-0000-000000000000") {
id
}
transactionUpdate(id: "00000000-0000-0000-0000-000000000001", workflowId: "00000000-0000-0000-0000-000000000000") {
id
}
}
Headers
Depending on the queries or mutations you are performing, you may need one or more of these request headers.
| Name | Description |
|---|---|
| Authorization | See the documentation about our Authentication to learn how to calculate this header. |
| PartnerId | ID of your partner entity. |
| TransactionOwnerId | Temporary ID that provides write access to a specific transaction. |
Responses
Status Code
The GraphQL API is expected to return a code of 200, even in the case of failures. Failures, such as authentication failures, are usually indicated by the absence of requested but missing or forbidden data in the response body, or the presence of an errors object in the response body.
A non-200 status code generally indicates a malformed request body.