[FEAT]: Admin JWT/api-key for backend queries and graphql

[c-nv-s]

Is your feature request related to a problem? Please describe.
whilst trying to programmatically retrieve a batch of test customers' details, I noticed that the /api/v1/customers endpoint accepts the user's api key, but the /graphql endpoint doesn't accept it because it needs a JWT.

It is not clear how a backend (or even a user-facing frontend app) would get that JWT in order to query the graphql endpoint for administrative purposes.

It would be useful to have the ability to set/create a privileged api key/jwt for use of the graphql endpoint from other backends/microservices
This is particularly useful if one has their microservices behind an api gateway performing various business logic

Describe the solution you'd like
A way to perform queries and administrative tasks across multiple users without having to use a user-specific api key to query each account.

[jdenquin]

Hello @c-nv-s

The GraphQL API is for the Lago's front purpose, we do not support calls on it without a JWT token since a user has to be logged in this scope's logic.
We can add the possibility to use a JWT token for internal services, or generate one for internal uses, I may create a doc about this but we didn't scheduled yet to open the GraphQL API like the REST one is.

I hope it answers your problem, if not I'm happy to dig more on this!

[c-nv-s]

just wanted to say I'm still running into this issue as a bit of a blocker.
the thing is I have lago behind an api gateway acting as the sole source of truth of user info for a few services.
the backend servers all need to be able to be granted permission (even if non-privileged) to query the lago api for this user data, at the moment this isn't easy without finding a way to pass the time-limited api token around somehow.
As an alternative I suppose I may have to explore just giving them a means to query the lago database directly... hmm.

[jdenquin]

Hello @c-nv-s

I'm not sure to understand your use case.
The REST API does not fit your needs?

Happy to discuss more about it on our slack community https://lago-community.slack.com

[c-nv-s]

I suppose the issue is when you have two or more organizations registered (therefore multiple api keys) and a backend system/s (e.g. API Gateway) which needs to be able to easily query the information across organizations...
You have to find a way for the backend/s to change to the relevant api key for each organization it needs to query.
I also want to note that at the time of raising this ticket the endpoint GET /api/v1/customers/:external_id wasn't working or documented (there was only POST /api/v1/customers), so things have moved on little.
Anyway I'm not too precious about this ticket as it is low priority for me now, however I believe it is an issue which others may eventually encounter.

[joshhopkins]

@jdenquin we would be interested in including the GraphQL API within our "supergraph". It would be great if a JWT token could be used for both internal and external use.

[jdenquin]

Hello Guys,

Sorry for the (very) late reply, we still have this feature in mind and will try to prioritize it asap!

[Robokishan]

Hey @jdenquin Happy to contribute on this, if you already have a solid plan we can discuss over slack