Authentication in a GraphQL API

How I do it nowadays

There are many ways to build a GraphQL API. Today I want to touch a little on how to build authentication checks into your API, so you can ensure that only logged-in users are able to interact with it.

The two main options that came to my mind were:

  1. Create signup and login mutations
  2. Have separate routes, /signup and /login, that handle those.

Currently my preferred approach is to use the separate routes. The reasoning behind it is very simple:

Done this way, I can check for authentication before the user is able to use any mutation or query on my GraphQL endpoint, which simplifies the authorization aspect quite a bit.