Skip to content

Public API · GraphQL

Authentication

Server-to-server and embed-scoped calls carry a Bearer token.

Bearer token

Send Authorization: Bearer <jwt> for server-to-server flows, e2e tests, and embed-scoped sign-ins.

bash
curl https://go.sessions.website/api/graphql \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <your-jwt>' \
  --data '{"query":"{ me { user { id } } }"}'
MCP (AI assistants)
AI assistants call the public surface over the Model Context Protocol instead of raw GraphQL — discovery is anonymous, and viewer tools reuse the same Bearer JWT or an OAuth token scoped mcp:account. See the public MCP guide